FEMA IS-523: Resilient Accord – Exercising Continuity Plans for Cyber Incidents Answers

The ten essential elements of a viable continuity of operations program are continuity communications; continuity facilities; devolution; essential functions; human capital; reconstitution; vital records; delegations of authority; orders of succession; and test, training, and exercise. A. True

False

A worm self-replicates across networks without a host file through inbuilt email or scan engines. A. True

False

National Planning Scenario #10 focuses on a cyber attack against critical infrastructures reliant upon the internet over a long period of time, causing major disruptions and considerable harm to the United States. A. True

False

Federal Continuity Directive (FCD-1) provides direction to the Federal executive branch for developing continuity plans and programs. A. True

False

Federal Continuity Directive 2 (FCD-2) and Continuity Guidance Circular 2 (CGC-2) provide methodology for conducting a Business Process Analysis and Business Impact Analysis. A. True

False

Coordination between public and private sector is encouraged to strengthen continuity and cybersecurity capabilities. A. True

False

The National Continuity Policy Implementation Plan (NCPIP) directs FEMA National Continuity Programs to provide cyber security assistance and support in accordance with Homeland Security Presidential Directive-7 and the National Strategy to Secure Cyberspace. A. True

False

FEMA National Continuity Programs (NCP) is the Federal Executive Branch Lead Agent responsible for the development and promulgation of Continuity of Operations (COOP) directives and guidance, and training which includes coordination between the Federal, State, local, territorial, tribal and private sectors. A. True

False

It is important that the continuity planner and information technology professionals work together because: A. Information Technology professional must manage daily functions of continuity planner

Continuity planner must manage daily function performed by information technology professionals

The continuity planner should understand the essential functions of their organization and the impact of losing that capability, while IT personnel should understand the technical requirements needed to support the performance of essential functions.

Continuity Guidance Circular 1 (CGC-1) provides continuity guidance for non-federal entities (States, territories, tribal and local government jurisdictions) and private sector organizations. A. True

False

The good business practice of ensuring the execution of essential functions through all circumstances, and a fundamental responsibility of public and private entities to their stakeholders, can be described as ________________. A. Devolution planning

Continuity planning

Reconstitution planning

The Business Process Analysis (BPA) is a method of examining, identifying, and mapping the functional processes, workflows, activities, personnel expertise, systems, data and facilities inherent to the execution of an essential function. A. True

False

Cyber linkages among sectors raise the risk of cascading failures during a cyber incident which may impact performance of essential functions. A. True

False

The United States is the most targeted country for cyber attacks. A. True

False

A Trojan appears legitimate but can be a carrier for a virus and is able to self-replicate. A. True

False

Establishing continuity plans and procedures mitigates consequences from cyber incidents and assures performance of essential functions. A. True

False

As organizations work to improve their continuity plans and programs to include cybersecurity, continuity planners should: A. Communicate the importance and value of establishing continuity plans that address the various cyber risks.

Understand the challenges and incorporate methods to enhance the organization’s ability to perform essential functions.

All of the above

Establish solid relationships with information technology professionals.

Within the Department of Homeland Security (DHS) ________ serves as the Subject Matter Expert (SME) for defining cyber risks and vulnerabilities. A. FEMA National Continuity Programs

DHS National Cyber Security Division

United States Secret Service

United States Coast Guard

Cyberspace is the interdependent network of IT infrastructures including the internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries. A. True

False

Organizations should consider implementing policies for patching vulnerabilities in systems and servers to reduce risk. A. True

False

According to the National Continuity Policy Implementation Plan, risk management is the process used to identify, control, and minimize the impact of uncertain events. A. True

False

DHS components of risk include threat, vulnerability and consequences. A. True

False

A virus is not able to self-replicate and requires a host file. A. True

False

Various cyber threats may impact your organization's ability to perform essential functions. However, the intent to destroy, incapacitate, or exploit critical infrastructures in order to threaten national security, cause mass casualties, weaken the U.S. economy, and damage public morale and confidence can be best described as the following: A. Hackers

Bot-Network Operators

Script Kiddies

Terrorists

The Business Impact Analysis (BIA) evaluates the risk to mission essential functions from various threats and hazards. A. True

B. False