FEMA IS860 Final Exam for: IS-860.c: The National Infrastructure Protection Plan, An Introduction 2021 (Answered)

Final Exam for: IS-860.c: The National Infrastructure Protection Plan, An Introduction 1. What NIPP 2013 element provide a basis for the critical infrastructure community to work jointly to set specific national priorities? A. Core Tenets B. Partnership Model C. Risk Management Framework D. Mission, vision, and goals. E. Call to Action 2. Make the following statement True by filling in the blank from the choices below: Reliance on information and communications technologies have ____ potential vulnerabilities to physical and cyber threats and potential consequences resulting from the compromise of underlying systems or networks. A. reduced B. divided C. increased D. no effect on 3. Which of the following is the PPD-21 definition of Security? A. Reducing the risk to critical infrastructure by physical means or defens[ive] cyber measures to intrusions, attacks, or the effects of natural or manmade disasters. B. The protection of information assets through the use of technology, processes, and training. C. Procedures followed or measures taken to ensure the safety of a state or organization D. A financial instrument that represents: an ownership position in a publicly-traded corporation (stock), a creditor relationship with governmental body or a corporation (bond), or rights to ownership as represented by an option. 4. All of the following are strategic imperatives described by PPD-21 to drive the Federal approach to strengthen critical infrastructure security and resilience EXCEPT: A. Refine and clarify functional relationships across the Federal Government to advance the national unity of effort to strengthen critical infrastructure security and resilience B. Coordinate with critical infrastructure owners and operators to improve cybersecurity information sharing and collaboratively develop and implement risk-based approaches to cybersecurity C. Implement an integration and analysis function to inform planning and operations decisions regarding critical infrastructure D. Enable effective information exchange by identifying baseline data and systems requirements for the Federal Government 5. This forum comprises regional groups and coalitions around the country engaged in various initiatives to advance critical infrastructure security and resilience in the public and private sectors A. State, Local, Tribal and Territorial Government Coordinating Council (SLTTGCC) 5 Per PageB. Regional Consortium Coordinating Council (RC3) C. Federal Senior Leadership Council (FSLC) D. Sector Coordinating Councils (SCC) 6. Under which category in the NIPP Call to action does the following activity fall: Learn and Adapt During and After Exercises and Incidents A. Build Upon Partnership Efforts B. Focus on Outcomes C. Innovate in Managing Risk 7. PPD-21 recommends critical infrastructure owners and operators contribute to national critical infrastructure security and resilience efforts through a range of activities, including all of the following EXCEPT: A. Perform critical infrastructure risk assessments; understand dependencies and interdependencies; and develop emergency response plans B. Sponsor critical infrastructure security and resilience-related research and development, demonstration projects, and pilot programs C. Develop and coordinate emergency response plans with appropriate Federal and SLTT government authorities D. Establish continuity plans and programs that facilitate the performance of lifeline functions during an incident 8. This forum promotes the engagement of non-Federal government partners in National critical infrastructure security and resilience efforts and provides an organizational structure to coordinate across jurisdictions on State and local government guidance, strategies and programs. A. State, Local, Tribal and Territorial Government Coordinating Council (SLTTGCC) B. Regional Consortium Coordinating Council (RC3) C. Federal Senior Leadership Council (FSLC) D. Sector Coordinating Councils (SCC) 9. For what group of stakeholders are the following examples of activities suggested: Become involved in a relevant local, regional sector and cross-sector partnership; Work with private sector and emergency response partners on emergency management plans and exercising; Share success stories and opportunities for improvement. A. State, Local, Tribal, and Territorial Government Executives B. Private Sector Companies C. First Responders D. All of the Above 10. Which of the following critical infrastructure partners offer an additional mechanism to engage with a pre-existing group of private sector leaders to obtain feedback on critical infrastructure policy and programs, and to make suggestions to increase the efficiency and effectiveness of specific government programs. A. Federal and State Regulatory Agencies B. State and Regionally Based Boards, Commissions, Authorities, Councils, and Other Entities C. Academia and Research Centers D. Advisory Councils11. All of the following statements about NIPP 2013 are true EXCEPT: A. The NIPP Framework is applicable for both terrorist attacks and natural disasters B. The NIPP framework is based on an understanding that in some sectors, private C. Collaboration between private and public sector is a key component of the NIPP D. The NIPP replaces continuity of operations and local emergency operations plans 12. Make the following statement TRUE by filling in the blank from the choices below: The NIPP risk management framework _____. A. is designed to provide flexibility for use in all sectors, across different geographic regions and by various partners. B. can be tailored to dissimilar operating environments and applies to all threats and hazards. C. supports a collaborative decision making process to inform the selection of risk management actions. D. Is applicable to threats such as disasters, manmade safety hazards and terrorism. E. All of the above 13. Make the following statement True by filling in the blank from the choices below: Regional organizations play an important partnership role in the critical infrastructure security and resilience community because they ____. A. Are crucial coordination hubs, bringing together prevention, protection, mitigation, response, and recovery authorities, capabilities, and resources among local jurisdictions, across sectors, and between regional entities. B. Include a variety of public-private sector initiatives that cross jurisdictional and/or sector boundaries and focus on prevention, protection, mitigation, response, and recovery within a defined geographic area. C. Have unique responsibilities, functions, or expertise in a particular critical infrastructure sector (such as GCC members) assist in identifying and assessing high-consequence critical infrastructure and collaborate with relevant partners to share security and resilience-related information within the sector, as appropriate. D. Develop and implement security and resilience programs for the critical infrastructure under their control, while taking into consideration the public good as well. 14. Activities conducted during this step in the Risk Management Framework allow critical infrastructure community leaders to understand the most likely and severe incidents that could affect their operations and communities and use this information to support planning and resource allocation in a coordinated manner. A. Set goals B. Measure Effectiveness C. Implement Risk Management Activities D. Assess and Analyze Risks E. Identify Infrastucture 15. To achieve security and resilience, critical infrastructure partners must: A. Leverage the full spectrum of capabilities, expertise and experience across the critical infrastructure community andassociated stakeholders. B. Implement an integration and analysis function within each organization to inform partners of critical infrastructure planning and operations decisions. C. Restrict information sharing activities to departments and agencies within the intelligence community. D. Support all Federal, State, local, tribal and territorial government efforts to effect national critical infrastructure security and resilience. 16. Which of the following statements describes the benefits of information sharing? A. Information sharing enhances owners' and operators' ability to assess risks, make prudent security investments and develop appropriate resilience strategies. B. Information sharing enhances government's ability to adjust its information collection, analysis, synthesis and dissemination activities based on the needs of the private sector. C. The increasing availability of data and information essential to operating and maintaining infrastructure and related technologies enables more efficient and effective practices. D. Multidirectional information sharing enhances owners and operators ability to assess risks, make prudent security investments and develop appropriate resilience strategies E. All of the Above 17. The National Plan establishes seven Core Tenets, representing the values and assumptions the critical infrastructure community should consider when conducting security and resilience planning. A. TRUE B. FALSE 18. The sector and cross-sector partnership model is intended to promote consistency of process to enable efficient collaboration between disparate parts of the critical infrastructure community, while allowing for the use of other viable partnership structures and planning processes. A. TRUE B. FALSE 19. Which of the following statements describes how the NIPP fosters information sharing at all levels between private sector owners and operators and their government counterparts? A. Multidirectional information sharing enhances owners and operators ability to assess risks, make prudent security investments and develop appropriate resilience strategies B. Voluntary collaboration is the primary mechanism for advancing collective action toward national critical infrastructure security and resilience. C. When the Government understands private sector information needs, it can adjust its information collection, analysis, synthesis and dissemination activities accordingly. D. When the private sector is assured that the critical infrastructure information that it shares with the government will be protected from release or disclosure, the Nation's critical infrastructure protection capabilities will be enhanced. E. All of the Above 20. TRUE or FALSE: The critical infrastructure risk management approach complements and supportsthe Threat and Hazard Identification and Risk Assessment (THIRA) process conducted by regional, State, and urban area jurisdictions. A. TRUE B. FALSE 21. All of the following are features of the critical infrastructure risk management framework EXCEPT: A. It is designed to provide flexibility for use in all sectors, across different geographic regions and by various partners B. It supports a collaborative decisionmaking process to inform the selection of risk management actions. C. It can be tailored to dissimilar operating environments and applies to all threats and hazards. D. It describes the functions of the partnership structures, as well as additional structures that support national critical infrastructure security and resilience 22. Which of the following NIPP Core Tenets statement is correct? A. Risk should be identified and managed in a coordinated and comprehensive way across the critical infrastructure community to restrict allocation of security and resilience resources. B. The partnership approach to critical infrastructure security and resilience recognizes the unique perspectives and competitive advantages of the diverse critical infrastructure community. C. Gaining knowledge of infrastructure risk and interdependencies requires sharing classified information across the entire critical infrastructure community. D. Understanding and addressing risks from cross-sector dependencies and interdependencies is essential to enhancing critical infrastructure security and resilience. 23. For what group of stakeholders are the following examples of activities suggested: Become involved in sector-specific and information sharing partnerships; Help develop analysis to better understand risks; Build security and resilience considerations into cost-benefit analysis to understand return on investment A. State, Local, Tribal, and Territorial Government Executives B. Private Sector Companies C. First Responders D. All of the Above 24. TRUE or FALSE: The NIPP information-sharing approach constitutes a shift from a networked model to a strictly hierarchical structure, restricting distribution and access to information to prevent decentralized decisionmaking and actions. A. TRUE B. FALSE 25. ALL of the following statements directly to one of the seven NIPP 2013 core tenets EXCEPT: A. Partnerships are crucial to developing shared perspectives on gaps and actions to improve critical infrastructure security and resilience. B. Managing risk requires sharing information, promoting efficient and effective use of resources and minimizing duplication of effort.C. Hazard assessments draw on theoretical scenarios and deductive reasoning about future natural hazards to assess the likelihood or frequency of various hazards. D. The way infrastructure sectors interact shapes how the Nation's critical infrastructure partners should collectively manage risk. E. Security and resilience should be considered during the design of assets, systems and networks. 26. Decision makers prioritize activities to manage critical infrastructure risk based on the criticality of the affected infrastructure, the costs of such activities, and the potential for risk reduction during this step in the Risk Management Framework A. Set goals B. Measure Effectiveness C. Implement Risk Management Activities D. Assess and Analyze Risks E. Identify Infrastucture 27. Under which category in the NIPP Call to action does the following activity fall: Analyze Infrastructure Dependencies, Interdependencies and Associated Cascading Effects A. Build Upon Partnership Efforts B. Focus on Outcomes C. enhance se Innovate in Managing Risk 28. Within the NIPP Risk Management Framework, the interwoven elements of critical infrastructure include A. Set goals, identify Infrastructure, and measure effectiveness B. Threat, vulnerability, and consequence C. Information sharing and the implementation steps D. Human , cyber, and physical E. None of the Above 29. Which of the following activities that First Responder Organizations Can Do support the NIPP 2013 Core Tenet category, "Focus on outcomes"? A. Participate in multi-directional information sharing. B. Use existing partnership structures to enhance relationships across the critical infrastructure community. C. Work with private sector and emergency response partners on emergency management plans and exercising participation and response. D. Share success stories and opportunities for improvement. 30. For what group of stakeholders are the following examples of activities suggested: Foster active local and regional cross-sector partnerships; encourage private sector and emergency response coordination on emergency management plans and exercises; and understand interdependencies A. State, Local, Tribal, and Territorial Government Executives B. Private Sector CompaniesC. First Responders D. All of the Above 31. TRUE or FALSE: The sector and cross-sector partnership approach is designed to be scalable and allow individual owners and operators of critical infrastructure and other stakeholders across the country to participate. A. TRUE B. FALSE 32. PPD-21 prescribes Sector Specific Agencies with all of the following roles and responsibilities, EXCEPT: A. Carry out incident management responsibilities consistent with statutory authority and other appropriate policies, directives, or regulations B. Ensure that funding priorities are addressed and that resources are allocated efficiently and effectively C. Provide, support, or facilitate technical assistance and consultations for a specific sector to identify vulnerabilities and help mitigate incidents, as appropriate D. Serve as a day-to-day Federal interface for the dynamic prioritization and coordination of sectorspecific activities 33. All of the following statements about the importance of critical infrastructure partnerships are true EXCEPT A. The critical infrastructure partnership community involved in managing risks is wideranging, composed of owners and operators; Federal, State, local, tribal and territorial governments; regional entities; non-profit organizations; and academia. B. Critical infrastructure partners require efficient sharing of actionable and relevant information among partners to build situational awareness and enable effective risk-informed decisionmaking C. To achieve security and resilience, critical infrastructure partners must leverage the full spectrum of capabilities, expertise and experience across the critical infrastructure community and associated stakeholders. D. The Federal, State, local, tribal and territorial government is ultimately responsible for managing all risks to critical infrastructure for private and public sector partners; regional entities; non-profit organizations; and academia. 34. The NIPP Call to Action is meant to guide the collaborative efforts of the critical infrastructure community to advance security and resilience outcomes under three broad activity categories. All of the following activities are categorized under Build upon Partnerships Efforts EXCEPT? A. Empower local and regional partnerships to build capacity nationally B. Determine collective actions through joint planning efforts C. Promote infrastructure, community, and regional recovery following incidents D. Set national focus through jointly developed priorities E. Leverage incentives to advance security and resilience 35. All of the following statements are Core Tenets of the NIPP EXCEPT: A. Comparative advantage in risk mitigationB. Domestic and international partnership collaboration C. Coordinated and comprehensive risk identification and management D. Security and resilience by design 36. Consisting of officials from the Sector-specific Agencies and other Federal departments and agencies, this forum facilitates critical infrastructure security and resilience communication and coordination across the Federal Government. A. State, Local, Tribal and Territorial Government Coordinating Council (SLTTGCC) B. Regional Consortium Coordinating Council (RC3) C. Federal Senior Leadership Council (FSLC) D. Sector Coordinating Councils (SCC) 1. NIPP framework is designed to address which of the following types of events? A. A blackout affecting the Northeast B. Disruptions to infrastructure systems that cause cascading effects over multiple jurisdictions C. Long term risk management planning to address prolonged floods and droughts D. Cyber intrusions resulting in physical infrastructure failures and vice versa E. All of the above 2. All of the following terms describe key concepts in the NIPP EXCEPT: A. Defense B. Security C. Critical Infrastructure D. Resilience E. None of the Above 3. Which of the following activities that Private Sector Companies Can Do support the NIPP 2013 Core Tenet category, "Innovate in managing risk"? A. Identify shared goals, define success and document effective practices. B. Participate in training and exercises; Attend webinars, conference calls, cross-sector events and listening sessions. C. Establish relationships with key local partners including emergency management D. Adopt the Cybersecurity Framework. 4. All of the following statements are Key Concepts highlighted in NIPP 2013 EXCEPT: A. The Nation's critical infrastructure is largely owned and operated by the private sector; however, Federal and SLTT governments also own and operate critical infrastructure, as do foreign entities and companies. B. Having accurate information and analysis about risk is essential to achieving resilience. C. Developing partnerships with private sector stakeholders is an option for consideration bygovernment decisionmakers ultimately responsible for implementing effective and efficient risk management. D. Risk management and prevention and protection activities contribute to strengthening critical infrastructure security and resilience. 6. Make the following statement True by filling in the blank from the choices below: The critical infrastructure risk environment is ______. A. tangible and concrete B. stable and uncertain C. complex and uncertain D. complex and definitive 10. Which of the following activities that SLTT Executives Can Do support the NIPP 2013 Core Tenet category, "Build upon partnership efforts"? A. Use existing partnership structures to enhance relationships across the critical infrastructure community. B. Identify effective security and resilience practices. C. Consider security and resilience when designing infrastructure. D. Understand interdependencies. 19. Which of the following is the PPD-21 definition of Resilience? A. The ability to stand up to challenges, work through them step by step, and bounce back stronger than you were before. B. The ability of an ecosystem to return to its original state after being disturbed C. The ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions; includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents. D. The process of adapting well in the face of adversity, trauma, tragedy, threats or significant sources of stress 17. For what group of stakeholders are the following examples of activities suggested: Build Upon Partnership Efforts; Innovate in Managing Risk; Focus on Outcomes A. State, Local, Tribal, and Territorial Government Executives B. Private Sector Companies C. First Responders D. All of the Above 14. Which of the following documents best defines and analyzes the numerous threats and hazards to homeland security? A. Presidential Policy Directive 21 B. The Strategic National Risk Assessment (SNRA) C. NIPP 2013 Supplement: Incorporating Resilience into Critical Infrastructure Projects D. The National Strategy for Information Sharing and Safeguarding13. Which of the following are examples of critical infrastructure interdependencies? A. Reliance on information and communications technologies to control production B. Distributed nature of critical infrastructure operations, supply and distribution systems C. Public and private sector partners work collaboratively to develop plans and policies D. Commuter use of Global Positioning Service (GPS) navigation to avoid traffic jams E. All of the above 12. Under which category in the NIPP Call to action does the following activity fall: Determine Collective Actions through Joint Joint-Planning Efforts A. Innovate in Managing Risk B. Build Upon Partnership Efforts C. Focus on Outcomes 28. During this step in the Risk Management Framework, the critical infrastructure and national preparedness communities may conduct exercises to assess and validate the capabilities of organizations, agencies, and jurisdictions. A. Implement Risk Management Activities B. Measure Effectiveness C. Identify Infrastucture D. Set goals E. Assess and Analyze Risks 22. An understanding of criticality, essential functions and resources, as well as the associated interdependencies of infrastructure is part of this step in the Risk Management Framework: A. Implement Risk Management Activities B. Measure Effectiveness C. Identify Infrastucture D. Set goals E. Assess and Analyze Risks 36. The risk environment includes the following types of vulnerabilities and consequences: A. Extreme weather B. Accidents and technical failures C. Cyber Threats D. Acts of Terrorism E. Pandemics F. All of the Above 34. The Call to Action activity "Improve Critical Infrastructure Security and Resilience by Advancing Research and Development Solutions" is related to which of the five steps toward implementing the risk management framework A. Implement Risk Management ActivitiesB. Measure Effectiveness C. Identify Infrastructure D. Set Infrastructure Goals and Objectives E. Assess and Analyze Risks 11. Which of the following is the NIPP definition of Critical Infrastructure? A. The basic facilities, services, and installations needed for the functioning of a community or society, such as transportation and communications systems, water and power lines, and public institutions including schools, post offices, and prisons. B. Fundamental facilities and systems serving a country, city, or area, as transportation and communication systems, power plants, and schools. C. Essential services for effective function of a nation which are vital during emergency,natural disasters such as floods and eathquake,outbreak of virus or other diseases which may affect thousands of people or distrupt facilities without warning. D. Systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters. 16. Dependencies and interdependencies emerging from complex cyber capabilities and limitations is an example of which risk element? A. Consequence B. Human C. Vulnerability D. Threat