6/28/2019 Test: FUNCTIONAL SAFETY EXAM REVIEW | Quizlet

NAME

7 Matching questions

A. d is the correct answer. The PFD is calculated from the equation

1. Which of the following methods of analysis is best
PFD = 1-exp(-1 x failure rate x test period). Using a rate of 0.4/year
characterized as a very systematic method, based on a top-down
approach that starts with the harmful consequence and works back to and a test period of 1 year gives a PFD of 0.33.

possible causes?
B. d is the correct answer. All of the items are true except it IV. A SIL2

a. Checklist system must have a PFDavg between 0.001 and 0.01 to provide a risk
reduction factor of 100 to 1000.

b. Fault Tree
C. a is the correct answer. The primary purpose is to detect a
c. Failure Modes and Effects Analysis dangerous failure of the equipment. It is true that a stuck valve is a
potentially dangerous failure but only one of many. It is true that a
d. HAZOP record of the test performance and results must be kept but that is
not the primary purpose

2. What is the PFD of a piece of equipment with a failure rate of

D. d is the correct answer. All of the items listed except length are
0.4 per year with an annual testing schedule?
specified requirements of good documentation

a. 0.60
E. B

b. 0.40
F. a is the correct answer. A SIL specifies required risk reduction to an
c. 0.16 order of magnitude level. A SIL does not specify the level of risk, it
states risk reduction.
d. 0.33
G. e is the correct answer. All of the items listed are commonly used

3. Which of the following are specified requirements of good categories in a risk graph analysis.

documentation?
• I. Sufficient information
• II. Accuracy
• III. Length
• IV. Easy to understand
a. II and IV

b. I and II

c. all four items

d. I, II and IV

4. Which of the following are typical categories for a risk graph?

a. Consequence magnitude

b. Probability of avoiding the hazard if in its effect zone

c. Occupancy probability

d. Demand rate or frequency of the hazard.

e. all of the above

https://quizlet.com/13027835/test 1/9
6/28/2019 Test: FUNCTIONAL SAFETY EXAM REVIEW | Quizlet

5. Which of the following are true?

• I. A SIL2 system provides more risk reduction than a SIL1 system
• II. A low demand mode SIL1 system can have a probability of failure
on demand of 0.08.
• III. A SIL3 system provides less risk reduction than a SIL4 system.
• IV. A low demand mode SIL2 system can have a probability of failure
on demand of 0.08.

a. only I, II and IV

b. only II and III

c. only I and II

d. only I, II and III

6. Why does one select a SIL?

a. to specify an order of magnitude risk reduction target

b. to demonstrate compliance with laws

c. to specify the level of risk

d. to categorize the hazard consequence

7. The primary purpose of a periodic inspection and test is to:

a. detect dangerous failures of SIS equipment

b. verify that the logic still functions

c. check for stuck valves

d. record that a test has been completed

7 Multiple choice questions

https://quizlet.com/13027835/test 2/9
6/28/2019 Test: FUNCTIONAL SAFETY EXAM REVIEW | Quizlet

1. C

Tolerable risk levels have been established at PLL = 0.001 fatalities per year. A process unit has an unmitigated risk estimate of PLL = 0.4. What
is the required risk reduction factor?

a. 400

b. 4000

c. 0.001

A. d. cannot be calculated with given information

A system has a probability of failure (one failure mode) of 0.01 for a one year mission time. What is the probability of success for a ten year
mission time?

a. 0.1

b. 0.9

c. 0.9044

d. 0.99

B. e. 0.0954

If a safety system is expected to activate about once every six to nine months and it is fully recertified every two years, it is:
a. High demand

C. b. Low demand

When does the safety life cycle end?

a. It never ends

b. When the project is fully commissioned

c. When the safety system is decommissioned

D. d. When the safety system is proven in use

https://quizlet.com/13027835/test 3/9
6/28/2019 Test: FUNCTIONAL SAFETY EXAM REVIEW | Quizlet

2. D

Which of the following statements are true?

• I. Validation is an activity that only applies after the installation of the SIS
• II. Validation is an activity that only applies after the installation of the SIS
• III. FAT can be considered part of validation
• IV. Engineering review of the SIS can be considered part of validation
a. I only

b. 1, II, and III

c. III

A. d. I, II, and IV

Which of the risk measures listed below is MOST useful in designing a safety system for a piece of equipment?

a. Individual risk

b. Geographic risk

c. Societal risk

B. d. Corporate reputation risk

Which of the following methods is not usually part of the analysis phases of the safety life cycle?

a. Layer of Protection Analysis (LOPA)

b. SIL Verification Analysis

c. HAZOP

C. d. Risk Analysis

Which of the following information is generally required for a proper hazards analysis?
• I. Data on the hazards of the materials used in the process
• II. Piping and Instrumentation Diagrams
• III. Data on any existing safety systems
• IV. Project budget
a. II and III

b. I and III

c. all four items

D. d. I, II and III

https://quizlet.com/13027835/test 4/9
6/28/2019 Test: FUNCTIONAL SAFETY EXAM REVIEW | Quizlet

3. Failure of two or more channels in the same way, causing the same erroneous result

A. Common Mode Failure

Markov models are an analysis technique used to:

a. Calculate probability of systems behavior

b. Estimate SIL level of a hazard

c. Calculate availability

B. d. Calculate Safe Failure Fraction of an instrument

C. IEC61511-2

D. IEC61508-3 ANNEX B

4. Measurs to reduce or mitigate the risks, which are seperate and distinct from the SIS

Which of the following are typical categories for a risk graph?

a. Consequence magnitude

b. Probability of avoiding the hazard if in its effect zone

c. Occupancy probability

d. Demand rate or frequency of the hazard.

A. e. all of the above

B. Safety Lifecycle - Analysis Phase

C. External Risk Reduction Facilities

What is the purpose of a SRS according to the IEC 61508?

a. To comply with the standard.

b. To provide functional and integrity requirements for safety functions.

c. To meet relevant legal requirements.

D. d. To help perform the management of functional safety activities

https://quizlet.com/13027835/test 5/9
6/28/2019 Test: FUNCTIONAL SAFETY EXAM REVIEW | Quizlet

5. a is the correct answer. The first statement is the only false one, the standards require a plan to achieve specific results rather than have a
specific structure

What is the purpose of integration as part of the design process?

a. It insures that the hardware and software systems function properly together

b. It insures different working groups fit together well.

c. It insures the different design functions happen sequentially

A. d. It considers both the equipment and its control system as a single unit.

Which of the following is true of functional safety assessment?

• I. A specific level of independence of the assessors is required.
• II. There must be a functional safety assessment plan.
• III. The assessment is best if is conducted entirely after the equipment in question is placed in service.
• IV. It fulfills both checking and surveillance functions.
a. only I, II and III

b. only I, II and IV

c. all four items

B. d. only I, III and IV

Which of the following are statements are true?

• I. The IEC standards require a specific planning structure rather than a specific results-based plan.
• II. The standards require an FSM plan to include verification and validation plans
• III. A FSM plan should clearly lay out roles and responsibilities for its execution.
• IV. A FSM plan should lay out a clear documentation structure.
a. only II, III and IV

b. only III and IV

c. all four items

C. d. only I, III and IV

Which of the following is false regarding the difference between event tree and layer of protection analysis?

a. Layer of protection analysis only calculates the probability of the undesired harmful result.

b. Both methods use probability multiplication from the logical 'AND' linking the intermediate events or protection layers

c. Event trees use probability of failure on demand while LOPA does not.

D. d. LOPA tends to be a more structured form of event tree analysis.

https://quizlet.com/13027835/test 6/9
6/28/2019 Test: FUNCTIONAL SAFETY EXAM REVIEW | Quizlet

6. It can be very costly if not impossible to change the piping and wiring after installation if the SIF does not meet the target SIL.
Answer: b - false

SIF verification is best done after the equipment is installed

a) True

A. b) False

NFPA has a team of inspectors that must check every combustion equipment installation prior to startup.

a. True

B. b. False

C. Quantitative Assessment (i.e. fault tree or process demand)

Potential hazards in combustion equipment vary significantly with fuel type.

a. True

D. b. False

7. Answer a. There are different hazards with each fuel type as detailed in NFPA and other standards therefore different SIF are required.

Potential hazards in combustion equipment vary significantly with fuel type.

a. True

A. b. False

Carbon Monoxide detectors provide fire detection:

a. much faster than smoke detectors

b. when the fire emits small invisible smoke particles

c. that works best with flammable liquids

B. d. when no flame is visible

The FM7610 standard has been replaced by:

a. FM7605

b. ISA 84.01

c. IEC 61511

C. d. All of the above

SIF verification calculations show that the sensor subsystem is always the biggest contributor to PFDavg and therefore the greatest safety
issue.

a. True

D. b. False

6 True/False questions

https://quizlet.com/13027835/test 7/9
6/28/2019 Test: FUNCTIONAL SAFETY EXAM REVIEW | Quizlet

1. Framework, definitions, system, hardware and software requirements → Two types of Risk Analysis

True

False

2. Answer a. Only two symbols are used, a circle and an arrow.  → a permissive is a SIF that:
• I. Permits an action only if dangerous conditions are not present
• II. Takes action when dangerous conditions are present
• III. Asks an operator for confirmation
• IV. A method of managing changes in a BMS
a. I

b. II

c. III or IV

d. IV

True

False

3. Part 3, Clause 7 includes software safety lifecycle requirements: 7.1: General requirements
7.2: Software safety requirements specification
7.3: Software safety validation planning
7.4: software design and development
7.5: programmable electronics integration (hw and sw)
7.6: software operation and modification procedures
7.7: software safety validation
7.8: software modification
7.9: software verification → IEC-61508 SIS Vendor Software Quality Plan

True

False

4. Answer: b
The standards do reflect the good engineering practice but they need not be followed if they are not legislated by regulating
authorities. → For SIS, national & international standards need to be followed because:

a. They are safety related

b. They only need to be followed if they are legislated by government authorities

c. They are published by recognized authorities

d. They reflect good engineering practice

e. a, b & d

True

False

https://quizlet.com/13027835/test 8/9
6/28/2019 Test: FUNCTIONAL SAFETY EXAM REVIEW | Quizlet

5. Answer b. Most flame detectors detect electromagnetic energy in the UV and/or IR spectrum → Flame detectors utilize:

a. photoelectric sensors

b. UV and/or IR sensors

c. dual chamber resistive sensors

d. capacitive sensors

True

False

6. Answer b. Steam demand drives to firing rate. As the need for steam goes up, more fire is needed  → In the Analysis phase of the Safety
Lifecycle, hazards are identified and risks are assessed. If risk exceeds tolerable risk levels, risk reduction is required. Risk reduction is specified
in terms of order of magnitude levels called "Risk Magnitude Levels."

a. True

b. False

True

False

https://quizlet.com/13027835/test 9/9