FEMA IS-523: Resilient Accord – Exercising Continuity Plans for Cyber Incidents Answers

The ten essential elements of a viable continuity of operations program include continuity communications; continuity facilities; devolution; essential functions; human capital; reconstitution; vital records; delegations of authority; orders of succession; and test, training, and exercise.
A. True
B. False

A worm self-replicates across networks without a host file through inbuilt email or scan engines.
A. True
B. False

National Planning Scenario #10 focuses on a cyber attack against critical infrastructures reliant upon the internet over a long period of time, causing major disruptions and considerable harm to the United States.
A. True
B. False

Federal Continuity Directive 1 (FCD-1) provides direction to the Federal executive branch for developing continuity plans and programs.
A. True
B. False

Federal Continuity Directive 2 (FCD-2) and Continuity Guidance Circular 2 (CGC-2) provide methodology for conducting a Business Process Analysis and Business Impact Analysis.
A. True
B. False

Coordination between the public and private sectors is encouraged to strengthen continuity and cybersecurity capabilities.
A. True
B. False

The National Continuity Policy Implementation Plan (NCPIP) directs FEMA National Continuity Programs to provide cyber security assistance and support in accordance with Homeland Security Presidential Directive-7 and the National Strategy to Secure Cyberspace.
A. True
B. False

FEMA National Continuity Programs (NCP) is the Federal Executive Branch Lead Agent responsible for the development and promulgation of Continuity of Operations (COOP) directives, guidance, and training, which includes coordination between the Federal, State, local, territorial, tribal and private sectors.
A. True
B. False

It is important that the continuity planner and information technology professionals work together because:
A. Information technology professionals must manage the daily functions of the continuity planner
B. The continuity planner must manage the daily functions performed by information technology professionals
C. The continuity planner should understand the essential functions of their organization and the impact of losing that capability, while IT personnel should understand the technical requirements needed to support the performance of essential functions.

Continuity Guidance Circular 1 (CGC-1) provides continuity guidance for non-federal entities (States, territories, tribal and local government jurisdictions) and private sector organizations.
A. True
B. False

The good business practice of ensuring the execution of essential functions through all circumstances, and a fundamental responsibility of public and private entities to their stakeholders, can be described as ________________.
A. Devolution planning
B. Continuity planning
C. Reconstitution planning

The Business Process Analysis (BPA) is a method of examining, identifying, and mapping the functional processes, workflows, activities, personnel expertise, systems, data and facilities inherent to the execution of an essential function.
A. True
B. False

Cyber linkages among sectors raise the risk of cascading failures during a cyber incident, which may impact performance of essential functions.
A. True
B. False

The United States is the most targeted country for cyber attacks.
A. True
B. False

A Trojan appears legitimate but can be a carrier for a virus and is able to self-replicate.
A. True
B. False

Establishing continuity plans and procedures mitigates consequences from cyber incidents and assures performance of essential functions.
A. True
B. False

As organizations work to improve their continuity plans and programs to include cybersecurity, continuity planners should:
A. Communicate the importance and value of establishing continuity plans that address the various cyber risks.
B. Understand the challenges and incorporate methods to enhance the organization's ability to perform essential functions.
C. All of the above
D. Establish solid relationships with information technology professionals.

Within the Department of Homeland Security (DHS), ________ serves as the Subject Matter Expert (SME) for defining cyber risks and vulnerabilities.
A. FEMA National Continuity Programs
B. DHS National Cyber Security Division
C. United States Secret Service
D. United States Coast Guard

Cyberspace is the interdependent network of IT infrastructures including the internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries.
A. True
B. False

Organizations should consider implementing policies for patching vulnerabilities in systems and servers to reduce risk.
A. True
B. False

According to the National Continuity Policy Implementation Plan, risk management is the process used to identify, control, and minimize the impact of uncertain events.
A. True
B. False

DHS components of risk include threat, vulnerability and consequences.
A. True
B. False

A virus is not able to self-replicate and requires a host file.
A. True
B. False

Various cyber threats may impact your organization's ability to perform essential functions. However, the intent to destroy, incapacitate, or exploit critical infrastructures in order to threaten national security, cause mass casualties, weaken the U.S. economy, and damage public morale and confidence can be best described as the following:
A. Hackers
B. Bot-Network Operators
C. Script Kiddies
D. Terrorists

The Business Impact Analysis (BIA) evaluates the risk to mission essential functions from various threats and hazards.
A. True
B. False