Final Exam for: IS-921.a: Implementing Critical Infrastructure Security and Resilience
1. Which of the following threats should we prioritize the highest when managing risk?
A. Threats with the greatest consequences should they occur B. Threats with the lowest probability of occurring C. Threats that are confined to residential neighborhoods D. Threats that are limited to publicly-owned infrastructure2. Which of the following is a benefit of critical infrastructure partnerships for owners and operators?
A. Partners automatically receive access to sensitive and classified threat information. B. Partners are eligible for subsidies under the National Infrastructure Protection Act. C. Partners receive timely and useful information about threats to critical infrastructure. D. Information provided by partners can satisfy regulatory reporting requirements
.3. The following are examples of protective measures, EXCEPT FOR:A. Automating inventory functions. B. Installing security systems. C. Hardening facilities. D. Building system redundancies
.4. Complete the Statement: Critical infrastructure security and resilience plans should explicitly address the following topics, EXCEPT FOR.A. Partnership building and information sharing. B. Corrective actions. C. Roles and responsibilities. D. Risk management.
5. Complete the Statement: Continuous improvement activities provide the following benefits, EXCEPT FOR:A. They help to identify gaps in policies, plans, and procedures. B. They better prepare personnel to protect against potential threats. C. They enable participants to apply policies, plans, and procedures in a safe environment. D. They help to identify best practices from other industries
.6. Complete the Statement: The most effective protective programs have the following characteristics, EXCEPT FOR:A. Coordinated. B. Risk-informed. C. Delegated . D. Cost-effective.
7. What are the two factors used to evaluate reported information?A. The relevance of the information to terrorism or to other threats B. The reliability of the information and whether it is actionable C. The reliability of the source and the validity of the information D. The currency of the information and the evaluation of the source
8. What step is needed after information is collected?A. Validate information B. Establish information analysis centers C. Form public-private partnerships D. Determine information resources
9. What is government’s role when engaging owners and operators to form partnerships?A. Encouraging and providing incentives to owners and operators to take action to make critical infrastructure secure and resilient B. Creating partnerships that rely on civic engagement for critical infrastructure protection C. Developing relationships with government regulatory partners that include mechanisms for sharing mandatory data D. Working with owners and operators to enforce compliance with widely-held protective measures and practices
10. Complete the Statement: Critical infrastructure threat assessments should evaluate the following threats, EXCEPT FOR:A. Qualified workforce shortages. B. Drought. C. Cyber/database failures. D. Domestic terrorist attacks.
11. Complete the Statement: Exercises conducted with major stakeholders strengthen security and resilience capabilities by helping to:
A. Provide outreach and training resources to major stakeholders. B. Improve communications and promote consistency. C. Identify best practices through benchmarking. D. Exploit vulnerabilities and weaknesses in protective measures.
12. Complete the Statement: The responsibility for developing business continuity and emergency management plans to address the direct effects of incidents lies with:
A. The Federal Emergency Management Agency. B. The DHS Office of Infrastructure Protection. C. Sector Specific Agencies. D. Critical infrastructure owners and operators.
13. Complete the Statement: Implementation plans provide the following benefits, EXCEPT FOR
:A. They provide a schedule for the completion of actions. B. They identify specific actions that must be taken. C. They identify expected outcomes from corrective actions. D. They identify areas for improvement.
14. Which of the following provides a set of tools for owners and operators to assess critical infrastructure asset vulnerabilities?
A. The National Terrorism Advisory System B. The Homeland Security Exercise and Evaluation Program C. The Critical Infrastructure Resource Center D. The Automated Critical Asset Management System
15. Complete the Statement: Critical infrastructure partners focus their information collection efforts and lay the foundation for a common operating picture by:
A. Identifying information needs up front B. Participating in industry partnerships C. Registering in warning and alert programs D. Implementing the Critical Information Protection program
16. Complete the Statement: One of the key benefits of Protected Critical Infrastructure Information (PCII) is that it:A. Makes classified threat information available to owners and operators. B. Permits discovery under Federal, State, and local disclosure laws. C. Includes threat awareness materials tailored to a particular sector’s needs. D. Cannot be used for regulatory purposes.
17. Owner/operator concerns about sharing sensitive or proprietary information can be moderated by the following, EXCEPT FOR:
A. Developing and establishing agreements in advance about the use of shared information. B. Identifying classified information networks to protect proprietary information. C. Building confidence and trust over time. D. Leveraging existing public-private partnerships.
18. Complete the Statement: Risk management identifies how threats will be deterred
:A. Vulnerabilities eliminated, and consequences exploited. B. Vulnerabilities mitigated, and consequences minimized. C. Vulnerabilities eliminated, and consequences minimized. D. Vulnerabilities mitigated, and consequences exploited.
19. What document provides the unifying structure for the integration of critical infrastructure security efforts and resilience strategies into a single national program?A. The Sector-Specific Protection Plan B. The Critical Infrastructure Response Plan C. The National Infrastructure Protection Plan D. The Homeland Security Response Plan
20. The following statements are applicable to establishing partnership goals, EXCEPT FORA. Goals should help partners to identify specific risk-reduction strategies that will most significantly enhance security and resilience. B. Goals should help partners maintain a common vision of desired security and resilience criteria. C. Goals should reflect the broad security and resilience goals of the full range of partners. D. Goals should duplicate those met under existing emergency operations programs.