Alabama Critical Infrastructure Protection
Examination Prep 2026 – Practice Questions,
Answers & Detailed Rationales
1. What is the primary goal of Critical Infrastructure Protection
(CIP)?
A. Increase industrial output
B. Reduce staffing costs
C. Ensure the reliability and security of essential systems
D. Expand private sector ownership
Rationale: The primary goal of CIP is to ensure that essential services
such as energy, water, transportation, and communications remain
secure, resilient, and continuously operational, especially during
threats or disruptions.
2. Which organization is most associated with electric sector CIP
standards in the U.S.?
A. OSHA
B. EPA
C. NERC
D. FDA
Rationale: The North American Electric Reliability Corporation (NERC)
develops and enforces CIP reliability standards for the bulk electric
system.
3. SCADA systems are primarily used for:
,A. Payroll processing
B. Industrial monitoring and control
C. Social media analytics
D. Customer billing
Rationale: SCADA (Supervisory Control and Data Acquisition) systems
are used to monitor and control industrial infrastructure such as
power grids and pipelines.
4. What is a key characteristic of “defense in depth”?
A. Single firewall protection
B. Outsourcing all security
C. Multiple overlapping layers of security controls
D. Eliminating user access controls
Rationale: Defense in depth uses multiple layers of physical, technical,
and administrative controls to reduce risk if one layer fails.
5. Which is considered a cyber-physical system?
A. Paper filing system
B. SCADA-controlled dam gate system
C. Manual cash register
D. Typewriter system
Rationale: Cyber-physical systems integrate computing and physical
processes, such as SCADA systems controlling infrastructure.
6. Insider threats are best described as:
A. Foreign satellites
B. Hackers outside the organization
, C. Employees or contractors with authorized access who misuse it
D. Natural disasters
Rationale: Insider threats come from individuals within the
organization who have legitimate access but exploit it maliciously or
negligently.
7. The purpose of access control is to:
A. Increase internet speed
B. Restrict system access to authorized individuals only
C. Eliminate passwords
D. Improve hardware performance
Rationale: Access control ensures only authorized users can access
systems, data, or facilities.
8. Which is an example of physical security control?
A. Antivirus software
B. Firewall
C. Security guard and badge system
D. Encryption algorithm
Rationale: Physical security includes guards, locks, fences, and badge
systems that protect facilities from unauthorized entry.
9. The DHS agency responsible for critical infrastructure security is:
A. FEMA
B. FBI
C. CISA
D. DEA
Examination Prep 2026 – Practice Questions,
Answers & Detailed Rationales
1. What is the primary goal of Critical Infrastructure Protection
(CIP)?
A. Increase industrial output
B. Reduce staffing costs
C. Ensure the reliability and security of essential systems
D. Expand private sector ownership
Rationale: The primary goal of CIP is to ensure that essential services
such as energy, water, transportation, and communications remain
secure, resilient, and continuously operational, especially during
threats or disruptions.
2. Which organization is most associated with electric sector CIP
standards in the U.S.?
A. OSHA
B. EPA
C. NERC
D. FDA
Rationale: The North American Electric Reliability Corporation (NERC)
develops and enforces CIP reliability standards for the bulk electric
system.
3. SCADA systems are primarily used for:
,A. Payroll processing
B. Industrial monitoring and control
C. Social media analytics
D. Customer billing
Rationale: SCADA (Supervisory Control and Data Acquisition) systems
are used to monitor and control industrial infrastructure such as
power grids and pipelines.
4. What is a key characteristic of “defense in depth”?
A. Single firewall protection
B. Outsourcing all security
C. Multiple overlapping layers of security controls
D. Eliminating user access controls
Rationale: Defense in depth uses multiple layers of physical, technical,
and administrative controls to reduce risk if one layer fails.
5. Which is considered a cyber-physical system?
A. Paper filing system
B. SCADA-controlled dam gate system
C. Manual cash register
D. Typewriter system
Rationale: Cyber-physical systems integrate computing and physical
processes, such as SCADA systems controlling infrastructure.
6. Insider threats are best described as:
A. Foreign satellites
B. Hackers outside the organization
, C. Employees or contractors with authorized access who misuse it
D. Natural disasters
Rationale: Insider threats come from individuals within the
organization who have legitimate access but exploit it maliciously or
negligently.
7. The purpose of access control is to:
A. Increase internet speed
B. Restrict system access to authorized individuals only
C. Eliminate passwords
D. Improve hardware performance
Rationale: Access control ensures only authorized users can access
systems, data, or facilities.
8. Which is an example of physical security control?
A. Antivirus software
B. Firewall
C. Security guard and badge system
D. Encryption algorithm
Rationale: Physical security includes guards, locks, fences, and badge
systems that protect facilities from unauthorized entry.
9. The DHS agency responsible for critical infrastructure security is:
A. FEMA
B. FBI
C. CISA
D. DEA
