[36 Test Answers] FEMA IS-860C: The National Infrastructure Protection Plan

Here are the answers to FEMA IS-860.C: The National Infrastructure Protection Plan, An Introduction

Overview: FEMA IS-860.C was published on 7/21/2015 to ensure that the security and resilience of critical infrastructure of the United States are essential to the Nation’s security, public health and safety, economic vitality, and way of life.

The purpose of FEMA IS-860.C is to present an overview of the National Infrastructure Protection Plan (NIPP). The NIPP provides the unifying structure for the integration of existing and future critical infrastructure security and resilience efforts into a single national program.

Primary audience: The course is intended for DHS and other Federal staff responsible for implementing the NIPP, and Tribal, State, local and private sector emergency management professionals.

FEMA IS-860.C test answers

Each time this test is loaded, you will receive a unique set of questions and answers. The test questions are scrambled to protect the integrity of the exam.

Question 1. Which of the following are examples of critical infrastructure interdependencies?
A. Reliance on information and communications technologies to control production
B. Distributed nature of critical infrastructure operations, supply and distribution systems
C. Public and private sector partners work collaboratively to develop plans and policies
D. Commuter use of Global Positioning Service (GPS) navigation to avoid traffic jams
E. All of the above✅

2. Under which category in the NIPP Call to action does the following activity fall: Analyze Infrastructure Dependencies, Interdependencies and Associated Cascading Effects
A. Build Upon Partnership Efforts
B. Focus on Outcomes
C. Innovate in Managing Risk✅

3. Make the following statement TRUE by filling in the blank from the choices below: The NIPP risk management framework _____.
A. is designed to provide flexibility for use in all sectors, across different geographic regions, and by various partners.✅
B. can be tailored to dissimilar operating environments and applies to all threats and hazards.
C. supports a collaborative decision-making process to inform the selection of risk management actions.
D. Is applicable to threats such as disasters, manmade safety hazards, and terrorism.
E. All of the above

4. To which of the following critical infrastructure partners does PPD-21 assign the responsibility of leveraging support from homeland security assistance programs and reflecting priority activities in their strategies to ensure that resources are effectively allocated?
A. The Department of Homeland Security
B. Critical infrastructure owners and operators
C. Regional, State, local, Tribal, and Territorial jurisdictions✅
D. Other Federal departments and agencies

5. The NIPP Call to Action is meant to guide the collaborative efforts of the critical infrastructure community to advance security and resilience outcomes under three broad activity categories. All of the following activities are categorized under Build upon Partnerships Efforts EXCEPT?
A. Empower local and regional partnerships to build capacity nationally
B. Promote infrastructure, community, and regional recovery following incidents✅
C. Set national focus through jointly developed priorities
D. Determine collective actions through joint planning efforts
E. Leverage incentives to advance security and resilience

6. All of the following statements about the importance of critical infrastructure partnerships are true EXCEPT
A. The critical infrastructure partnership community involved in managing risks is wide-ranging, composed of owners and operators; Federal, State, local, tribal and territorial governments; regional entities; non-profit organizations; and academia.
B. Critical infrastructure partners require efficient sharing of actionable and relevant information among partners to build situational awareness and enable effective risk-informed decisionmaking
C. To achieve security and resilience, critical infrastructure partners must leverage the full spectrum of capabilities, expertise, and experience across the critical infrastructure community and associated stakeholders.
D. The Federal, State, local, tribal and territorial government is ultimately responsible for managing all risks to critical infrastructure for private and public sector partners; regional entities; non-profit organizations; and academia.✅

7. All of the following statements are Core Tenets of the NIPP EXCEPT:
A. Comparative advantage in risk mitigation
B. Domestic and international partnership collaboration✅
C. Coordinated and comprehensive risk identification and management
D. Security and resilience by design

8. Activities conducted during this step in the Risk Management Framework allow critical infrastructure community leaders to understand the most likely and severe incidents that could affect their operations and communities and use this information to support planning and resource allocation in a coordinated manner.
A. Set goals
B. Implement Risk Management Activities
C. Assess and Analyze Risks✅
D. Measure Effectiveness
E. Identify Infrastructure

9. TRUE or FALSE: The critical infrastructure risk management approach complements and supports the Threat and Hazard Identification and Risk Assessment (THIRA) process conducted by regional, State, and urban area jurisdictions.
A. TRUE✅
B. FALSE

10. Which of the following documents best defines and analyzes the numerous threats and hazards to homeland security?
A. NIPP 2013 Supplement: Incorporating Resilience into Critical Infrastructure Projects
B. Presidential Policy Directive 21
C. The National Strategy for Information Sharing and Safeguarding
D. The Strategic National Risk Assessment (SNRA)✅

11. For what group of stakeholders are the following examples of activities suggested: Become involved in a relevant local, regional sector, and cross-sector partnership; Work with the private sector and emergency response partners on emergency management plans and exercising; Share success stories and opportunities for improvement.
A. State, Local, Tribal, and Territorial Government Executives
B. Private Sector Companies
C. First Responders
D. All of the Above✅

12. The National Plan establishes seven Core Tenets, representing the values and assumptions the critical infrastructure community should consider when conducting security and resilience planning.
A. TRUE✅
B. FALSE

13. All of the following terms describe key concepts in the NIPP EXCEPT:
A. Defense✅
B. Security
C. Critical Infrastructure
D. Resilience
E. None of the Above

14. This forum promotes the engagement of non-Federal government partners in National critical infrastructure security and resilience efforts and provides an organizational structure to coordinate across jurisdictions on State and local government guidance, strategies, and programs.
A. State, Local, Tribal and Territorial Government Coordinating Council (SLTTGCC)✅
B. Regional Consortium Coordinating Council (RC3)
C. Federal Senior Leadership Council (FSLC)
D. Sector Coordinating Councils (SCC)

15. Which of the following is the PPD-21 definition of Resilience?
A. The ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions; includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.✅
B. The ability to stand up to challenges, work through them step by step, and bounce back stronger than you were before.
C. The process of adapting well in the face of adversity, trauma, tragedy, threats, or significant sources of stress
D. The ability of an ecosystem to return to its original state after being disturbed

16. The National Goal, “Enhance security and resilience through advance planning” relates to all of the following Call to Action activities EXCEPT:
A. Identify, Assess and Respond to Unanticipated Infrastructure Cascading Effects During and Following Incidents
B. Leverage Incentives to Advance Security and Resilience
C. Improve Critical Infrastructure Security and Resilience by Advancing Research and Development Solutions
D. Promote Infrastructure, Community and Regional Recovery Following Incidents
E. Strengthen Coordinated Development and Delivery of Technical Assistance, Training and Education✅

17. Which of the following is the NIPP definition of Critical Infrastructure?
A. Systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.✅
B. Essential services for effective function of a nation which are vital during an emergency, natural disasters such as floods and earthquakes, an outbreak of virus or other diseases which may affect thousands of people or disrupt facilities without warning.
C. The basic facilities, services, and installations needed for the functioning of a community or society, such as transportation and communications systems, water and power lines, and public institutions including schools, post offices, and prisons.
D. Fundamental facilities and systems serving a country, city, or area, such as transportation and communication systems, power plants, and schools.

18. Make the following statement True by filling in the blank from the choices below: Critical infrastructure owners and operators play an important partnership role in the critical infrastructure security and resilience community because they ____.
A. are crucial coordination hubs, bringing together prevention, protection, mitigation, response, and recovery authorities, capabilities, and resources among local jurisdictions, across sectors, and between regional entities.✅
B. include a variety of public-private sector initiatives that cross-jurisdictional and/or sector boundaries and focus on prevention, protection, mitigation, response, and recovery within a defined geographic area.
C. have unique responsibilities, functions, or expertise in a particular critical infrastructure sector (such as GCC members) assist in identifying and assessing high-consequence critical infrastructure and collaborate with relevant partners to share security and resilience-related information within the sector, as appropriate.
D. develop and implement security and resilience programs for the critical infrastructure under their control, while taking into consideration the public good as well.

19. PPD-21 recommends critical infrastructure owners and operators contribute to national critical infrastructure security and resilience efforts through a range of activities, including all of the following EXCEPT:
A. Perform critical infrastructure risk assessments; understand dependencies and interdependencies; and develop emergency response plans
B. Sponsor critical infrastructure security and resilience-related research and development, demonstration projects, and pilot programs✅
C. Develop and coordinate emergency response plans with appropriate Federal and SLTT government authorities
D. Establish continuity plans and programs that facilitate the performance of lifeline functions during an incident

20. All of the following statements refer directly to one of the seven NIPP 2013 core tenets EXCEPT:
A. Risks often have local consequences, making it essential to execute initiatives on a regional scale in a way that complements and operationalizes the national effort.
B. Infrastructure critical to the United States transcends national boundaries, requiring cross-border collaboration, mutual assistance, and other cooperative agreements.
C. Training among stakeholders enhances the capabilities of government and private sector to meet critical infrastructure security and resilience✅
D. Gaining knowledge of infrastructure risk and interdependencies requires information sharing across the critical infrastructure community.

21. Within the NIPP Risk Management Framework, the interwoven elements of critical infrastructure include
A. Set goals, identify Infrastructure, and measure the effectiveness
B. Threat, vulnerability, and consequence
C. Information sharing and the implementation steps
D. Human, cyber, and physical✅
E. None of the Above

22. All of the following statements are Key Concepts highlighted in NIPP 2013 EXCEPT:
A. Developing partnerships with private sector stakeholders is an option for consideration by government decision-makers ultimately responsible for implementing effective and efficient risk management.✅
B. The Nation’s critical infrastructure is largely owned and operated by the private sector; however, Federal and SLTT governments also own and operate critical infrastructure, as do foreign entities and companies.
C. Risk management and prevention and protection activities contribute to strengthening critical infrastructure security and resilience.
D. Having accurate information and analysis about risk is essential to achieving resilience.

23. To achieve security and resilience, critical infrastructure partners must:
A. Leverage the full spectrum of capabilities, expertise, and experience across the critical infrastructure community and associated stakeholders.✅
B. Implement an integration and analysis function within each organization to inform partners of critical infrastructure planning and operations decisions.
C. Restrict information-sharing activities to departments and agencies within the intelligence community.
D. Support all Federal, State, local, tribal and territorial government efforts to effect national critical infrastructure security and resilience.

24. All of the following are strategic imperatives described by PPD-21 to drive the Federal approach to strengthen critical infrastructure security and resilience EXCEPT:
A. Refine and clarify functional relationships across the Federal Government to advance the national unity of effort to strengthen critical infrastructure security and resilience
B. Coordinate with critical infrastructure owners and operators to improve cybersecurity information sharing and collaboratively develop and implement risk-based approaches to cybersecurity✅
C. Implement an integration and analysis function to inform planning and operations decisions regarding critical infrastructure
D. Enable effective information exchange by identifying baseline data and systems requirements for the Federal Government

25. TRUE or FALSE: The NIPP information-sharing approach constitutes a shift from a networked model to a strictly hierarchical structure, restricting distribution and access to information to prevent decentralized decision-making and actions.
A. TRUE
B. FALSE✅

26. This forum comprises regional groups and coalitions around the country engaged in various initiatives to advance critical infrastructure security and resilience in the public and private sectors
A. State, Local, Tribal and Territorial Government Coordinating Council (SLTTGCC)
B. Regional Consortium Coordinating Council (RC3)✅
C. Federal Senior Leadership Council (FSLC)
D. Sector Coordinating Councils (SCC)

27. What NIPP 2013 element provide a basis for the critical infrastructure community to work jointly to set specific national priorities?
A. Core Tenets
B. Risk Management Framework
C. Mission, vision, and goals.✅
D. Partnership Model
E. Call to Action

28. Which of the following is the PPD-21 definition of Security?
A. Reducing the risk to critical infrastructure by physical means or defens[ive] cyber measures to intrusions, attacks, or the effects of natural or manmade disasters.✅
B. The protection of information assets through the use of technology, processes, and training.
C. Procedures followed or measures taken to ensure the safety of a state or organization
D. A financial instrument that represents: an ownership position in a publicly-traded corporation (stock), a creditor relationship with a governmental body or a corporation (bond), or rights to ownership as represented by an option.

29. NIPP framework is designed to address which of the following types of events?
A. A blackout affecting the Northeast
B. Disruptions to infrastructure systems that cause cascading effects over multiple jurisdictions
C. Long-term risk management planning to address prolonged floods and droughts
D. Cyber intrusions resulting in physical infrastructure failures and vice versa✅
E. All of the above

30. An understanding of criticality, essential functions and resources, as well as the associated interdependencies of infrastructure is part of this step in the Risk Management Framework:
A. Set goals
B. Implement Risk Management Activities
C. Assess and Analyze Risks
D. Measure Effectiveness
E. Identify Infrastructure✅

31. Which of the following activities that SLTT Executives Can Do support the NIPP 2013 Core Tenet category, “Build upon partnership efforts”?
A. Consider security and resilience when designing infrastructure.✅
B. Use existing partnership structures to enhance relationships across the critical infrastructure community.
C. Understand interdependencies.
D. Identify effective security and resilience practices.

32. Consisting of officials from the Sector-specific Agencies and other Federal departments and agencies, this forum facilitates critical infrastructure security and resilience communication and coordination across the Federal Government.
A. State, Local, Tribal and Territorial Government Coordinating Council (SLTTGCC)
B. Regional Consortium Coordinating Council (RC3)
C. Federal Senior Leadership Council (FSLC)
D. Sector Coordinating Councils (SCC)✅

33. Make the following statement True by filling in the blank from the choices below: Other Federal departments and agencies play an important partnership role in the critical infrastructure security and resilience community because they ____.
A. are crucial coordination hubs, bringing together prevention, protection, mitigation, response, and recovery authorities, capabilities, and resources among local jurisdictions, across sectors, and between regional entities.
B. include a variety of public-private sector initiatives that cross-jurisdictional and/or sector boundaries and focus on prevention, protection, mitigation, response, and recovery within a defined geographic area.
C. have unique responsibilities, functions, or expertise in a particular critical infrastructure sector (such as GCC members) assist in identifying and assessing high-consequence critical infrastructure and collaborate with relevant partners to share security and resilience-related information within the sector, as appropriate.✅
D. develop and implement security and resilience programs for the critical infrastructure under their control, while taking into consideration the public good as well.

34. Which of the following activities that Private Sector Companies Can Do support the NIPP 2013 Core Tenet category, “Innovate in managing risk”?
A. Establish relationships with key local partners including emergency management
B. Identify shared goals, define success, and document effective practices.
C. Adopt the Cybersecurity Framework.✅
D. Participate in training and exercises; Attend webinars, conference calls, cross-sector events, and listening sessions.

35. The NIPP Call to Action is meant to guide the collaborative efforts of the critical infrastructure community to advance security and resilience outcomes under three broad activity categories. All of the following activities are categorized under Build upon Partnerships Efforts EXCEPT:
A. Empower local and regional partnerships to build capacity nationally
B. Promote infrastructure, community, and regional recovery following incidents✅
C. Set national focus through jointly developed priorities
D. Determine collective actions through joint planning efforts
E. Leverage incentives to advance security and resilience

36. Which of the following critical infrastructure partners offer an additional mechanism to engage with a pre-existing group of private sector leaders to obtain feedback on critical infrastructure policy and programs, and to make suggestions to increase the efficiency and effectiveness of specific government programs?
A. Federal and State Regulatory Agencies
B. State and Regionally Based Boards, Commissions, Authorities, Councils, and Other Entities
C. Academia and Research Centers
D. Advisory Councils✅

Critical Infrastructure Security and Resilience Curriculum

Foundational courses

Security awareness courses

Sector-specific courses