FEMA IS-860.C: The National Infrastructure Protection Plan, An Introduction Answers

For what group of stakeholders are the following examples of activities suggested: Become involved in a relevant local, regional sector and cross-sector partnership; Work with private sector and emergency response partners on emergency management plans and exercising; Share success stories and opportunities for improvement. A. State, Local, Tribal, and Territorial Government Executives

Private Sector Companies

First Responders

All of the Above

All of the following are features of the critical infrastructure risk management framework EXCEPT: A. It describes the functions of the partnership structures, as well as additional structures that support national critical infrastructure security and resilience

It supports a collaborative decisionmaking process to inform the selection of risk management actions.

It can be tailored to dissimilar operating environments and applies to all threats and hazards.

It is designed to provide flexibility for use in all sectors, across different geographic regions and by various partners

All of the following statements about NIPP 2013 are true EXCEPT: A. The NIPP replaces continuity of operations and local emergency operations plans

The NIPP framework is based on an understanding that in some sectors, private

Collaboration between private and public sector is a key component of the NIPP

The NIPP Framework is applicable for both terrorist attacks and natural disasters

TRUE or FALSE: The critical infrastructure risk management approach complements and supports the Threat and Hazard Identification and Risk Assessment (THIRA) process conducted by regional, State, and urban area jurisdictions. A. TRUE

FALSE

All of the following statements are Core Tenets of the NIPP EXCEPT: A. Security and resilience by design

Domestic and international partnership collaboration

Coordinated and comprehensive risk identification and management

Comparative advantage in risk mitigation

All of the following are strategic imperatives described by PPD-21 to drive the Federal approach to strengthen critical infrastructure security and resilience EXCEPT: A. Enable effective information exchange by identifying baseline data and systems requirements for the Federal Government

Coordinate with critical infrastructure owners and operators to improve cybersecurity information sharing and collaboratively develop and implement risk-based approaches to cybersecurity

Implement an integration and analysis function to inform planning and operations decisions regarding critical infrastructure

Refine and clarify functional relationships across the Federal Government to advance the national unity of effort to strengthen critical infrastructure security and resilience

To achieve security and resilience, critical infrastructure partners must: A. Support all Federal, State, local, tribal and territorial government efforts to effect national critical infrastructure security and resilience.

Implement an integration and analysis function within each organization to inform partners of critical infrastructure planning and operations decisions.

Restrict information sharing activities to departments and agencies within the intelligence community.

Leverage the full spectrum of capabilities, expertise and experience across the critical infrastructure community and associated stakeholders.

The Call to Action activity “Improve Critical Infrastructure Security and Resilience by Advancing Research and Development Solutions” is related to which of the five steps toward implementing the risk management framework A. Identify Infrastructure

Implement Risk Management Activities

Measure Effectiveness

Assess and Analyze Risks

Set Infrastructure Goals and Objectives

Make the following statement True by filling in the blank from the choices below: Other Federal departments and agencies play an important partnership role in the critical infrastructure security and resilience community because they ____. A. Develop and implement security and resilience programs for the critical infrastructure under their control, while taking into consideration the public good as well.

Include a variety of public-private sector initiatives that cross jurisdictional and/or sector boundaries and focus on prevention, protection, mitigation, response, and recovery within a defined geographic area.

Have unique responsibilities, functions, or expertise in a particular critical infrastructure sector (such as GCC members) assist in identifying and assessing high-consequence critical infrastructure and collaborate with relevant partners to share security and resilience-related information within the sector, as appropriate.

Are crucial coordination hubs, bringing together prevention, protection, mitigation, response, and recovery authorities, capabilities, and resources among local jurisdictions, across sectors, and between regional entities.

Make the following statement True by filling in the blank from the choices below: Regional organizations play an important partnership role in the critical infrastructure security and resilience community because they ____. A. Develop and implement security and resilience programs for the critical infrastructure under their control, while taking into consideration the public good as well.

Which of the following are examples of critical infrastructure interdependencies? A. Reliance on information and communications technologies to control production

Distributed nature of critical infrastructure operations, supply and distribution systems

Public and private sector partners work collaboratively to develop plans and policies

Commuter use of Global Positioning Service (GPS) navigation to avoid traffic jams

All of the above

PPD-21 prescribes Sector Specific Agencies with all of the following roles and responsibilities, EXCEPT: A. Serve as a day-to-day Federal interface for the dynamic prioritization and coordination of sector-specific activities

Ensure that funding priorities are addressed and that resources are allocated efficiently and effectively

Provide, support, or facilitate technical assistance and consultations for a specific sector to identify vulnerabilities and help mitigate incidents, as appropriate

Carry out incident management responsibilities consistent with statutory authority and other appropriate policies, directives, or regulations

Under which category in the NIPP Call to action does the following activity fall: Determine Collective Actions through Joint Joint-Planning Efforts A. Innovate in Managing Risk

Focus on Outcomes

Build Upon Partnership Efforts

Which of the following critical infrastructure partners offer an additional mechanism to engage with a pre-existing group of private sector leaders to obtain feedback on critical infrastructure policy and programs, and to make suggestions to increase the efficiency and effectiveness of specific government programs. A. Advisory Councils

State and Regionally Based Boards, Commissions, Authorities, Councils, and Other Entities

Academia and Research Centers

Federal and State Regulatory Agencies

The NIPP Call to Action is meant to guide the collaborative efforts of the critical infrastructure community to advance security and resilience outcomes under three broad activity categories. All of the following activities are categorized under Build upon Partnerships Efforts EXCEPT? A. Leverage incentives to advance security and resilience

Promote infrastructure, community, and regional recovery following incidents

Determine collective actions through joint planning efforts

Set national focus through jointly developed priorities

Empower local and regional partnerships to build capacity nationally

Which of the following statements describes the benefits of information sharing? A. Information sharing enhances owners’ and operators’ ability to assess risks, make prudent security investments and develop appropriate resilience strategies.

Information sharing enhances government’s ability to adjust its information collection, analysis, synthesis and dissemination activities based on the needs of the private sector.

The increasing availability of data and information essential to operating and maintaining infrastructure and related technologies enables more efficient and effective practices.

Multidirectional information sharing enhances owners and operators ability to assess risks, make prudent security investments and develop appropriate resilience strategies

All of the Above

What NIPP 2013 element provide a basis for the critical infrastructure community to work jointly to set specific national priorities? A. Call to Action

Risk Management Framework

Partnership Model

Mission, vision, and goals.

Core Tenets

All of the following statements are Key Concepts highlighted in NIPP 2013 EXCEPT: A. Having accurate information and analysis about risk is essential to achieving resilience.

The Nation’s critical infrastructure is largely owned and operated by the private sector; however, Federal and SLTT governments also own and operate critical infrastructure, as do foreign entities and companies.

Risk management and prevention and protection activities contribute to strengthening critical infrastructure security and resilience.

Developing partnerships with private sector stakeholders is an option for consideration by government decisionmakers ultimately responsible for implementing effective and efficient risk management.

The National Plan establishes seven Core Tenets, representing the values and assumptions the critical infrastructure community should consider when conducting security and resilience planning. A. TRUE

FALSE

Consisting of officials from the Sector-specific Agencies and other Federal departments and agencies, this forum facilitates critical infrastructure security and resilience communication and coordination across the Federal Government. A. Sector Coordinating Councils (SCC)

Regional Consortium Coordinating Council (RC3)

Federal Senior Leadership Council (FSLC)

State, Local, Tribal and Territorial Government Coordinating Council (SLTTGCC)

Make the following statement True by filling in the blank from the choices below: State and territorial governments play an important partnership role in the critical infrastructure security and resilience community because they ____. A. Develop and implement security and resilience programs for the critical infrastructure under their control, while taking into consideration the public good as well.

Which of the following statements describes how the NIPP fosters information sharing at all levels between private sector owners and operators and their government counterparts? A. Multidirectional information sharing enhances owners and operators ability to assess risks, make prudent security investments and develop appropriate resilience strategies

Voluntary collaboration is the primary mechanism for advancing collective action toward national critical infrastructure security and resilience.

When the Government understands private sector information needs, it can adjust its information collection, analysis, synthesis and dissemination activities accordingly.

When the private sector is assured that the critical infrastructure information that it shares with the government will be protected from release or disclosure, the Nation’s critical infrastructure protection capabilities will be enhanced.

All of the Above

Dependencies and interdependencies emerging from complex cyber capabilities and limitations is an example of which risk element? A. Human

Vulnerability

Consequence

Threat

Which of the following documents best defines and analyzes the numerous threats and hazards to homeland security? A. The Strategic National Risk Assessment (SNRA)

Presidential Policy Directive 21

The National Strategy for Information Sharing and Safeguarding

NIPP 2013 Supplement: Incorporating Resilience into Critical Infrastructure Projects

The NIPP Call to Action is meant to guide the collaborative efforts of the critical infrastructure community to advance security and resilience outcomes under three broad activity categories. All of the following activities are categorized under Build upon Partnerships Efforts EXCEPT: A. Leverage incentives to advance security and resilience

Promote infrastructure, community and regional recovery following incidents

Determine collective actions through joint planning efforts

Set national focus through jointly developed priorities

Empower local and regional partnerships to build capacity nationally

Under which category in the NIPP Call to action does the following activity fall: Analyze Infrastructure Dependencies, Interdependencies and Associated Cascading Effects A. Innovate in Managing Risk

Focus on Outcomes

Build Upon Partnership Efforts

All of the following terms describe key concepts in the NIPP EXCEPT: A. Defense

Security

Critical Infrastructure

Resilience

None of the Above

For what group of stakeholders are the following examples of activities suggested: Build Upon Partnership Efforts; Innovate in Managing Risk; Focus on Outcomes A. State, Local, Tribal, and Territorial Government Executives

Private Sector Companies

First Responders

All of the Above

NIPP framework is designed to address which of the following types of events? A. A blackout affecting the Northeast

Disruptions to infrastructure systems that cause cascading effects over multiple jurisdictions

Long term risk management planning to address prolonged floods and droughts

Cyber intrusions resulting in physical infrastructure failures and vice versa

All of the above

All of the following statements about the importance of critical infrastructure partnerships are true EXCEPT A. The Federal, State, local, tribal and territorial government is ultimately responsible for managing all risks to critical infrastructure for private and public sector partners; regional entities; non-profit organizations; and academia.

Critical infrastructure partners require efficient sharing of actionable and relevant information among partners to build situational awareness and enable effective risk-informed decisionmaking

To achieve security and resilience, critical infrastructure partners must leverage the full spectrum of capabilities, expertise and experience across the critical infrastructure community and associated stakeholders.

The critical infrastructure partnership community involved in managing risks is wide-ranging, composed of owners and operators; Federal, State, local, tribal and territorial governments; regional entities; non-profit organizations; and academia.

The sector and cross-sector partnership model is intended to promote consistency of process to enable efficient collaboration between disparate parts of the critical infrastructure community, while allowing for the use of other viable partnership structures and planning processes. A. TRUE

FALSE

This forum promotes the engagement of non-Federal government partners in National critical infrastructure security and resilience efforts and provides an organizational structure to coordinate across jurisdictions on State and local government guidance, strategies and programs. A. Sector Coordinating Councils (SCC)

Regional Consortium Coordinating Council (RC3)

Federal Senior Leadership Council (FSLC)

State, Local, Tribal and Territorial Government Coordinating Council (SLTTGCC)

These sector-specific forums serve as principal collaboration points between the government and private sector owners and operators for critical infrastructure security and resilience policy coordination and planning and a range of related sector-specific activities. A. Sector Coordinating Councils (SCC)

Regional Consortium Coordinating Council (RC3)

Federal Senior Leadership Council (FSLC)

State, Local, Tribal and Territorial Government Coordinating Council (SLTTGCC)

ALL of the following statements directly to one of the seven NIPP 2013 core tenets EXCEPT: A. Security and resilience should be considered during the design of assets, systems and networks.

Hazard assessments draw on theoretical scenarios and deductive reasoning about future natural hazards to assess the likelihood or frequency of various hazards.

Managing risk requires sharing information, promoting efficient and effective use of resources and minimizing duplication of effort.

The way infrastructure sectors interact shapes how the Nation’s critical infrastructure partners should collectively manage risk.

Partnerships are crucial to developing shared perspectives on gaps and actions to improve critical infrastructure security and resilience.

Within the NIPP Risk Management Framework, the interwoven elements of critical infrastructure include A. Set goals, identify Infrastructure, and measure effectiveness

Threat, vulnerability, and consequence

Information sharing and the implementation steps

Human , cyber, and physical

None of the Above

PPD-21 recommends critical infrastructure owners and operators contribute to national critical infrastructure security and resilience efforts through a range of activities, including all of the following EXCEPT: A. Establish continuity plans and programs that facilitate the performance of lifeline functions during an incident

Sponsor critical infrastructure security and resilience-related research and development, demonstration projects, and pilot programs

Develop and coordinate emergency response plans with appropriate Federal and SLTT government authorities

Perform critical infrastructure risk assessments; understand dependencies and interdependencies; and develop emergency response plans