Week 8

Question 1

All of the following statements characterize SIS EXCEPT
a. Total engineering knowledge and skills typically require a multi-disciplined
team.
b. Risk management encompasses a variety of methodologies.
c. A systematic, well-documented design process is required.
d. Prescriptive SIS standards are required.

Answer 1

d. Prescriptive SIS standards are required.

Question 2

Which statement BEST describes the different technology logic systems used in
safety systems?
a. Pneumatic systems are appropriate when extensive self-diagnostics are
required for critical applications.
b. Relay systems include specific features for testing, bypasses, and
communications.
c. Software-based systems provide flexibility, self-documentation,
communications, and higher-level interfaces.
d. Solid state systems are most suitable for large applications when budget is the
primary consideration.

Answer 2

c. Software-based systems provide flexibility, self-documentation,
communications, and higher-level interfaces.

Question 3

A line fuse has been blown. It was a time delay type. You should replace it with a unit
rated at
a. the same amp value and time delay.
b. a higher amp value and lower time delay.
c. a higher amp value and higher time delay.
d. a lower amp value and lower time delay.

Answer 3

a. the same amp value and time delay.

Question 4

Clothing manufacturing plant locations in which easily ignitable fibers or materials
producing combustible flyings are present during processing are included in the
National Electric Code (NEC) Article 500
a. Class II, Division 1.
b. Class II, Division 2.
c. Class III, Division 1.
d. Class III, Division 2.

Answer 4

c. Class III, Division 1.

Question 5

The BEST way to accommodate differences in international and national safety
practices and ensure the safe use and application of electrical equipment is to
a. retain an independent laboratory to audit the system before commissioning.
b. ensure system compatibility with other surrounding units.
c. increase baseline insulation and partitions whenever high voltages are
present.
d. select, install, and use equipment in accordance with local standards and
codes.

Answer 5

d. select, install, and use equipment in accordance with local standards and
codes.

Question 6

A Markov model is used to determine successful system operation as a function of
operating time interval. The resulting computation indicates system
a. mission time.
b. steady-state availability.
c. reliability.
d. probability of success.

Answer 6

b. steady-state availability.

Question 7

An important reason for following a systematic safety design life cycle is to
a. minimize inevitable human error.
b. provide a documented, auditable trail of all decisions.
c. validate assumptions about the operation of the controlled system.
d. specify roles and responsibilities of all engineers involved in the design
process.

Answer 7

b. provide a documented, auditable trail of all decisions.

Question 8

The two failure modes of most concern for safety systems are
a. sensor thermocouple burnout and narrow sensor diagnostic coverage.
b. sensor corrosion and leaking trip valves in final elements.
c. sensor responses to erratic outputs and solenoid reliability in final elements.
d. sensor nuisance trips and sensor failures to respond to changes in actual
conditions.

Answer 8

d. sensor nuisance trips and sensor failures to respond to changes in actual
conditions.

Question 9

The noise reduction concept that attempts to ensure that floor metalwork is at the
same electrical potential at all frequencies is the
a. equipotential plane.
b. chassis/cabinet ground.
c. suppression of mechanical contacts.
d. filtering of differential lines.

Answer 9

a. equipotential plane.

Question 10

Which statement BEST describes the importance of defining the actual temperature
class for electrical circuits prior to their installation?
a. To ensure that equipment will not become a source of thermal ignition
b. To establish the range of surface temperatures during operation to prevent
equipment failures
c. To fulfill conformity requirements specified in construction rules
d. To ensure that the highest temperature reached by a part does not exceed the
T4 class

Answer 10

a. To ensure that equipment will not become a source of thermal ignition

Question 11

According to National Electric Code (NEC) Article 500 classifications, locations
where dust clouds of potentially flammable concentrations are present under normal
operating conditions are included in
a. Class I, Division 1.
b. Class I, Division 2.
c. Class II, Division 1.
d. Class II, Division 2.

Answer 11

c. Class II, Division 1.

Question 12

During the design of a safety system for a pipeline, engineers brainstorm what-if
scenarios that could potentially require that specific sections or the entire installation
be shut down safely. This best describes which design life cycle step?
a. Risk assessment
b. Development of safety requirement specifications
c. Allocation of protective layers
d. Hazard analysis

Answer 12

d. Hazard analysis

Question 13

Common terms used to quantify dangerous failures include
a. probability of failure on demand (PFD) and nuisance trip rates.
b. probability of failure on demand (PFD), risk reduction factor (RRF), and safety
availability (SA).
c. mean time between failure, spurious (MTBFsp), nuisance trip rates, and safety
availability (SA).
d. mean time between failure, spurious (MTBFsp), and risk reduction factor
(RRF).

Answer 13

b. probability of failure on demand (PFD), risk reduction factor (RRF), and safety
availability (SA).

Question 14

Which of the following is the most effective technique to reduce system noise
sources based on a heavy magnetic field component?
a. Use ferrous shielding throughout system.
b. Incorporate redundancy in control measures, simplex in communications.
c. Segregate panel components into at least two zones.
d. Use ground shields at both ends.

Answer 14

a. Use ferrous shielding throughout system.

Question 15

Which statement BEST describes the importance of defining the actual class, group,
and division of locations in which electrical apparatus is to be installed?
a. To identify how positive mechanical ventilation can prevent auto-ignition of
combustible materials
b. To reduce issues with alarm management systems
c. To know what the energy allowances are
d. To be in compliance with electric codes and standards

Answer 15

c. To know what the energy allowances are

Question 16

Once a temperature class is established, the International Electrotechnical
Commission (IEC) designations for marking apparatus specify that a pressurization
system that disconnects the power to ignition-capable apparatus in Division 2
require
a. increased system periodic inspections.
b. a single alarm.
c. an interlock and an alarm.
d. extra inspections to ensure enclosure integrity.

Answer 16

b. a single alarm.

Question 17

The objective of periodic inspection and testing in SIS applications (when the
mission time is equal to the time between period inspection and test) is to
a. check operations in a closed loop system with verifiable feedback.
b. prioritize risks so catastrophic and critical risks can be eliminated or controlled.
c. optimize safety throughout all phases of the system life cycle.
d. calculate the probability of failure on demand.

Answer 17

d. calculate the probability of failure on demand.

Question 18

A multi-disciplinary team of engineers ranks the potential hazards of new devices to
control the safe transmission of communications data for a subsea gas pipeline. This
best describes which design life cycle step?
a. Risk assessment
b. Development of safety requirement specifications
c. Allocation of protective layers
d. Hazard analysis

Answer 18

a. Risk assessment

Question 19

The mission of the Abnormal Situation Management® (ASM®) Consortium is BEST
described as
a. to develop products and services to effectively manage and test changes
made to safety systems.
b. to promote research and development that minimizes failure rates of field
devices.
c. to identify problems resulting from industrial plant incidents and to develop
solutions.
d. to share best practice modeling techniques used to analyze and predict safety
system performance.

Answer 19

c. to identify problems resulting from industrial plant incidents and to develop
solutions.

Question 20

Electromagnetic coupling problems in the electrical installation of a programmable
electronic device can be reduced by
a. separation of signals by voltage level.
b. mounting to eliminate vibration and ground currents.
c. a cone of protection for all PE devices and related wiring.
d. wireless electrical distribution metering.

Answer 20

a. separation of signals by voltage level.

Question 21

Intrinsically safe protection implies that
a. explosive gases are isolated from the electrical equipment by the positive
pressure of air or inert gas inside an enclosure.
b. the amount of power available to the electrical equipment in the hazardous
area is limited to a level below that which will ignite a flammable material.
c. ignition capable elements are sealed in an encapsulant to prevent exposure to
flammable liquids.
d. an explosion inside an enclosure is contained and not transmitted to the
outside flammable atmosphere.

Answer 21

b. the amount of power available to the electrical equipment in the hazardous
area is limited to a level below that which will ignite a flammable material.

Question 22

To maintain safe pressurized protection when purging is not automatic, a user
should
a. ensure that joints are clean and undamaged before covers are replaced.
b. ensure that changes to the installation or addition of a new device do not
violate installation rules.
c. enforce rules against energizing before ensuring that an enclosure is free of
explosive materials.
d. ensure that all bolts and threaded joints are corrosion-free.

Answer 22

c. enforce rules against energizing before ensuring that an enclosure is free of
explosive materials.

Question 23

What is the direct outcome of using failure modes, effects, and diagnostic analysis
(FMEDA) with a new pressure transmitter (a smart device with self-diagnostics)?
a. Probably causes of a system failure at the lowest level
b. Probably causes of a system failure at the highest level
c. Functional safety certification of the device
d. Failure rates for each important SIF category

Answer 23

d. Failure rates for each important SIF category

Question 24

Which statement describes the allocation of safety functions to protective layers?
a. Multiple, independent safety layers are the best defense.
b. Inner layers mitigate the consequences of a hazardous event in progress.
c. The further out the layer, the more tolerable the level of risk.
d. Safety systems must be closely integrated with control systems.

Answer 24

a. Multiple, independent safety layers are the best defense.

Question 25

Which of the following situations would MOST likely be considered by the Abnormal
Situation Management® (ASM®) Consortium?
a. Risk analysis best practices from oil refineries and chemical plants
b. Equipment degradation or failures in processing environments leading to
critical conditions or catastrophes
c. Modeling techniques to analyze and predict safety system performance in
pharmaceutical and biotechnology manufacturing environments
d. Alarm rate metrics for performance classifications following a plant upset

Answer 25

b. Equipment degradation or failures in processing environments leading to
critical conditions or catastrophes

Question 26

The most cost-effective method of mitigating the effects of deep voltage sags on
programmable electronic devices and preventing power interruptions or shutdowns
in critical industrial manufacturing processes is
a. adherence to power line conditioning requirements.
b. installation of uninterrupted power supply (UPS) systems.
c. the use of voltage regulators.
d. the use of surge suppressors.

Answer 26

b. installation of uninterrupted power supply (UPS) systems.

Question 27

A primary difference between Type ma and Type mb protection is
a. Type ma has more robust construction requirements than Type mb.
b. Type ma requires certified assembly of apparatus; Type mb does not.
c. Type ma apparatus is more sensitive to ambient conditions during operation
than Type mb.
d. Type ma apparatus mandates a protective enclosure; Type mb is rated for
unprotected mounting.

Answer 27

b. Type ma requires certified assembly of apparatus; Type mb does not.

Question 28

An operator needs to learn about alarm practices for redundant transmitters. Which
information should the operator consult?
a. Current good manufacturing practices (cGMP)
b. HMI design guidance documentation
c. Guidance on basic configuration practices
d. Advanced techniques for managing alarms

Answer 28

c. Guidance on basic configuration practices

Question 29

The simulation of operating stress conditions typical for an industrial field
environment detects the high and low failure rates for a pressure transmitter. Why is
it important to classify these rates as safe or dangerous?
a. To determine when a single component failure will fail the entire system
b. To determine and set appropriate alarm trip levels
c. To trigger appropriate calibration and diagnostic procedures
d. To identify the specific cause of a failure rate

Answer 29

b. To determine and set appropriate alarm trip levels

Question 30

Which of the following statements BEST describes the range of allocated safety
functions to protective layers?
a. Prevention and detection activities to emergency response activities
b. Active/dynamic process control to passive/dormant safety control
c. Containment layers to acceptable risk layers
d. Inner prevention layers to outer mitigation layers

Answer 30

d. Inner prevention layers to outer mitigation layers

Question 31

A system is programmed and tested according to the I/O requirements, functional
logic, and the SIL documented in an SRS. In spite of successful redundant manual
tests, a systemic or functional failure results after commissioning. Which of the
following is MOST likely the cause for this failure?
a. Lack of objective safety function modifications after commissioning
b. Impact of other surrounding units on the system processes
c. Error made in the design life cycle logic for safety specifications
d. Flawed hazard and risk analysis

Answer 31

c. Error made in the design life cycle logic for safety specifications

Question 32

Safety requirements for equipment use where explosive concentrations of gas,
vapor, or dust might be present are
a. standardized across nations and subject to strict oversight by a third party.
b. superimposed on general purpose safety standards.
c. not recommended to be done by a CAP.
d. regulated by independent laboratories.

Answer 32

b. superimposed on general purpose safety standards.

Question 33

Type e protection includes all of the following construction features EXCEPT
a. Temperature class must be T2 or higher.
b. Stator-rotor gaps are wider than normal.
c. Coils must be impregnated.
d. Terminals must maintain a low resistance connection.

Answer 33

a. Temperature class must be T2 or higher.

Question 34

Self-diagnostics indicate that some functionality for a smart device is impaired but
that functionality is not needed. In a failure rate database, this event would MOST
likely be classified as
a. annunciation detected.
b. fail no effect.
c. fail-dangerous.
d. fail-safe.

Answer 34

b. fail no effect.

Question 35

Which of the following would NOT typically be included as a protection layer in an
SIS?
a. Public relations systems for crisis management
b. Automatic shutdown system
c. Physical containment systems
d. Alarm system

Answer 35

a. Public relations systems for crisis management

Question 36

Which statement BEST describes the different technology logic systems used in
safety systems?
a. Relay systems are appropriate when extensive self-diagnostics and reliable
redundancy schemes are required.
b. Discrete component systems are decreasing in popularity due to their high
cost and the need to manually change documentation.
c. Pneumatic systems include specific features for testing, bypasses, and
communications.
d. Software-based systems are most suitable for large applications when budget
is the primary consideration.

Answer 36

b. Discrete component systems are decreasing in popularity due to their high
cost and the need to manually change documentation.

Question 37

Which of the following specifications would NOT typically be included in
documentation dealing with protection against electric shock?
a. Installation diagrams to prevent accidental exposure of live parts
b. Enclosures to contain equipment arcs or sparks
c. Hazardous area classification requirements
d. Minimum clearances between conductive parts to prevent short circuiting

Answer 37

c. Hazardous area classification requirements

Question 38

A user purchases and installs a manual motor protector in accordance with the
manufacturer’s installation instructions and the applicable National Electric Code
(NEC) installation code. These actions represent which one of the following
protection concepts?
a. Energy-limited
b. Device-oriented
c. Intrinsically safe
d. System-oriented

Answer 38

b. Device-oriented

Question 39

A device failure goes undetected by internal diagnostics; it does not directly impact
safety but it does impact the ability to detect a future fault in a diagnostic circuit. In a
failure rate database, this failure would MOST likely be classified as
a. fail-safe.
b. fail-dangerous undetected.
c. no effect.
d. annunciation undetected.

Answer 39

d. annunciation undetected.

Question 40

Performance-oriented categorizations of risk probability and severity are often used
to determine the
a. mean time between failure (MTBF) for a process unit.
b. safety integrity level (SIL) for each safety function.
c. safety requirements specifications.
d. allocation of safety layers.

Answer 40

b. safety integrity level (SIL) for each safety function.

Question 41

Which of the following techniques, if it can be utilized, is the MOST cost-effective in
minimizing the effects of electrical noise resulting from high frequency (HF) signals?
a. Shielding
b. Separation
c. Filtering
d. Grounding

Answer 41

b. Separation

Question 42

According to National Electric Code (NEC) Article 500 classifications, locations
where ignitable concentrations of flammable gases or vapors are present under
normal operating conditions are included in
a. Class I, Division 1.
b. Class I, Division 2.
c. Class II, Division 1.
d. Class II, Division 2.

Answer 42

a. Class I, Division 1.

Question 43

As shown in the figure below, ungrounded intrinsically safe circuits must
a. not contain voltages higher than the Um rating for the apparatus.
b. have protective barrier assemblies.
c. not have any nonintrinsically safe devices connected to the barrier.
d. be dust ignition-proof and have a dust tight enclosure.

Answer 43

b. have protective barrier assemblies.

Question 44

Which safety integrated function (SIF) metric is best used when periodic inspection,
test, and repair is done?
a. Average probability of failure on demand (PFDavg)
b. Risk reduction factor (RRF)
c. Mean time to fail spurious (MTTFS)
d. Probability of failure on demand (PFD)

Answer 44

a. Average probability of failure on demand (PFDavg)

Question 45

Is the statement “the system must be easy to use” a good example of a safety
requirements specification (SRS)?
a. Yes, because specific safety functions for each system will vary
b. No, because it is not testable
c. No, because it is expressed in natural language and not modifiable
d. Yes, because it is simple and understandable

Answer 45

b. No, because it is not testable

Question 46

Which of the following practices increases the effectiveness of shielding in
combating high frequency (HF) noise?
a. Grounding both ends of the shield
b. Coiling surplus cable to minimize inductance
c. Trimming surplus cable
d. Grounding the transmission end of the shield

Answer 46

a. Grounding both ends of the shield

Question 47

According to National Electric Code (NEC) Article 500, requirements for ignitable
concentrations of flammable gases or vapors normally confined within closed
containers or closed systems from which they can escape only in case of accidental
rupture or breakdown of such containers or systems, or in case of abnormal
operation of equipment, are included in
a. Class I, Division 1.
b. Class II, Division 1.
c. Class II, Division 2.
d. Class I, Division 2.

Answer 47

d. Class I, Division 2.

Question 48

Which of the following device labels specifies class, zone, protection type, gas
group, and temperature code?
a. EEx ia IIC, T4
b. EX d e mb IIC, T4
c. Class I, Groups C, D, Division 2 T6
d. Class I, Zone 1, AEx m IIC, T6

Answer 48

b. EX d e mb IIC, T4

Question 49

Two safety transmitters are wired to monitor flow rates, liquid levels, and pressures
in a processing plant and convert the sensor data into a signal for transmission to
another location. This architecture is a good way to ensure
a desired SIL 2 of instrumented safety functions because
a. standby sensing and switching is automatic.
b. multiple transmitters measure one variable.
c. multiple transmitters decrease reliability.
d. costs for redundancy are less than a “safe” system failure.

Answer 49

b. multiple transmitters measure one variable.

Question 50

Documentation of periodic SIS testing and maintenance procedures
a. facilitates ongoing hazard analysis.
b. provides an auditable trail.
c. provides performance data useful for eventual decommissioning of the system.
d. sets baseline data to assess the impact of any proposed process modifications

Answer 50

b. provides an auditable trail.

Question 51

The neutral in the office distribution system of a manufacturing facility has
overheated to the point of burning through the undersized neutral. What is one
probable cause?
a. Use of 277V fluorescent lamps
b. 230 volt air conditioners in windows
c. Cat 5 Ethernet cable switches
d. Too many PC switching supplies on one line

Answer 51

d. Too many PC switching supplies on one line

Question 52

In hazardous material classification systems used in North America and the
European Community, the terms class, group, or material group define
a. the probability of the location having a flammable concentration of hazardous
material present.
b. the type of the hazardous material present.
c. whether the material would become hazardous in case of an accident or
abnormal operating condition.
d. whether the hazardous material is present under normal operating conditions.

Answer 52

b. the type of the hazardous material present.

Question 53

Which of the following is NOT characteristic of product nameplate markings on
electrical equipment used in locations where fire or explosion hazards may exist?
a. Class and zone markings are optional in Canada.
b. The label may include the symbol of the certifying authority and an approval
document number.
c. Symbols for conformance to International Electrotechnical Commission (IEC)
standards are always included.
d. If more than one type of protection is used, only the symbol for the more
robust requirement is shown.

Answer 53

d. If more than one type of protection is used, only the symbol for the more
robust requirement is shown.