
Online - TÜV SÜD - Functional Safety Certified Professional in accordance with EN 5012X

Report Summary
Name : Jose Ignacio Gonzalez Rodriguez
Your Score : 44 out of 140 (31.43%)
Correct Answers : 44 Questions
Incorrect Answers : 16 Questions
Unanswered : 0 Questions
Required Passing Grade (%) : 51%
Time Taken : 04 hrs
Date : Jan 16, 2024
Email : jigonzalez.fpe@gmail.com
Phone No. : +97156 9769968
Training Start Date : 23/11/2023
Training End Date : 26/11/2023

Your Answers

Incorrect Points earned: 0 out of 1

Q1) The FMEDA analysis is useful in


A. Proving the diagnostics are available in a system
B. Proving the ratio of dangerous failure and safe failure
C. Fault handling capability of the design of a product (Correct)
D. Proving that no dangerous fault goes undetected (Your Answer)(Incorrect)

Correct Points earned: 1 out of 1

Q2) The maintenance carried out after fault recognition and intended to put the product
into a working condition is called:
A. Preventive maintenance
B. Maintenance management
C. Corrective maintenance (Your Answer)(Correct)
D. Condition based maintenance

Correct Points earned: 1 out of 1

Q3) The reliabilities of two subsystems 1 & 2 are R1=0.99, R2=0.95. What is the unreliability of
subsystem 2, Q(t)=?
A. Q(t)=0.1
B. Q(t)=0.05 (Your Answer)(Correct)
C. Q(t)=0.01
D. Q(t)=0.0595

Correct Points earned: 1 out of 1

Q4) Which phase of Life cycle as per 50126 recommends to perform Preliminary RAM
analysis
A. Concept Phase
B. System Definition Phase (Your Answer)(Correct)
C. Design phase
D. Verification and Validation

Correct Points earned: 1 out of 1

Q5) FRACAS stands for


A. Failure Rate and Consequence Analysis System
B. Fault Reaction and Consequence Analysis
C. Failure Reporting and Corrective Action System (Your Answer)(Correct)
D. None of the above

Incorrect Points earned: 0 out of 1

Q6) Which statement is false?


A. Safety Plan is updated several times in a product life cycle phase
B. Hazard and Risk analysis to be repeated in all the phases of product Life Cycle (Correct)
C. Overall RAMS requirements is apportioned to subsystems and components
D. Safety case document is required to show the evidence that the RAMS requirements are met
(Your Answer)(Incorrect)

Correct Points earned: 1 out of 1

Q7) Safety Requirement specification shall be achieved by


A. Hazard Identification and Analysis,
B. Risk Assessment and Classification,
C. allocation of Safety Integrity Levels
D. All of the above (Your Answer)(Correct)

Correct Points earned: 1 out of 1

Q8) High reliability in design assures high safety in the system


A. Yes
B. No (Your Answer)(Correct)

Incorrect Points earned: 0 out of 1

Q9) In case of a single failure function


A. TFFR and THR are identical (Correct)
B. TFFR≠THR
C. TFFR≤THR (Your Answer)(Incorrect)
D. TFFR≥THR

Correct Points earned: 1 out of 1

Q10) Assurance of correct software functionality to adhere to clauses given in


A. EN 50126
B. EN 50128 (Your Answer)(Correct)
C. EN 50129
D. ISO 9001
Correct Points earned: 1 out of 1

Q11) Cause and Effect diagrams are recommended for


A. Deriving the reliability of a system
B. Carrying out maintenance of a system
C. Derivation of factors affecting Railway RAMS (Your Answer)(Correct)
D. None of the above

Correct Points earned: 1 out of 1

Q12) Technical concepts of availability is based on


A. Reliability
B. Maintainability
C. Operation and Service
D. All of the above (Your Answer)(Correct)

Correct Points earned: 1 out of 1

Q13) Deliverables in the phase 2- system definition are as follows


A. System definition
B. RAM plan
C. Safety plan
D. All above (Your Answer)(Correct)

Correct Points earned: 1 out of 1

Q14) A COTS item cannot be accepted as a SIL product


A. True
B. False (Your Answer)(Correct)

Correct Points earned: 1 out of 1

Q15) About Life Cycle Cost (LCC) – Mark the statement which is not true
A. Assessing total cost of the product over its total span of the life of the product
B. Helpful in making a logical business decision
C. Customers can evaluate and compare alternative products
D. LCC always provides solutions to RAMS. (Your Answer)(Correct)

Correct Points earned: 1 out of 1

Q16) Mark the statement which is false


A. RAMS specification to specify Reliability target and safety target
B. Reliability target is derived from safety target. (Your Answer)(Correct)
C. Planned unavailability is referred to as Maintenance
D. Unplanned unavailability is referred to as Repair

Incorrect Points earned: 0 out of 1

Q17) By the end of System acceptance phase Assessment RAM validation should be
completed
A. True (Correct)
B. False (Your Answer)(Incorrect)

Incorrect Points earned: 0 out of 1

Q18) Safety case document is the same as safety justification document


A. True (Correct)
B. False (Your Answer)(Incorrect)

Correct Points earned: 1 out of 1

Q19) Safety case is necessary to justify that the system as designed and independent
of application, meets safety requirements
A. True (Your Answer)(Correct)
B. False

Correct Points earned: 1 out of 1

Q20) Software maintenance is essential


A. In order to ensure that the SW performance preserves the SIL requirements (Your
Answer)(Correct)
B. To avoid random failures
C. To avoid systematic failures
D. As part of quality audit

Correct Points earned: 1 out of 1

Q21) The Fault Tree Analysis is useful in


A. Identification of all Single point and dual point failures by Cutset Analysis
B. Identification of Common causes
C. Estimating the probability of failure of the top event
D. All of the above (Your Answer)(Correct)

Correct Points earned: 1 out of 1

Q22) RAMS stand for


A. Railways And Metro Systems
B. Reliability And Maintainability Systems
C. Reliability, Availability, Maintainability and Safety (Your Answer)(Correct)
D. Reliability, Availability, Maintenance and Safety

Incorrect Points earned: 0 out of 1

Q23) Random failures are addressed by


A. Setting up a target value to be met by the design in terms of reliability (Correct)
B. Using a good safety standard
C. Carrying out reliability prediction
D. Using regular audit / reviews and assessments (Your Answer)(Incorrect)

Incorrect Points earned: 0 out of 1

Q24) Means to achieve RAMS requirements are based on


A. Using a good tool to maintain requirements (Your Answer)(Incorrect)
B. Minimise the probability of occurrence of an impairment (Correct)
C. Lower the severity of consequences of an impairment
D. Use of MIL graded components

Correct Points earned: 1 out of 1

Q25) The factors which will influence RAMS:


A. System Conditions
B. Operating Conditions
C. Maintenance Conditions
D. All the above (Your Answer)(Correct)

Correct Points earned: 1 out of 1

Q26) In case of a single failure function


A. TFFR and THR are identical (Your Answer)(Correct)
B. TFFR≠THR
C. TFFR≤THR
D. TFFR≥THR

Incorrect Points earned: 0 out of 1

Q27) In the “V”- Model testing of the product is planned in parallel with a corresponding
phase of development in V-Model
A. True (Correct)
B. False (Your Answer)(Incorrect)

Incorrect Points earned: 0 out of 1

Q28) Concept Phase activity does not include


A. System Understanding
B. Management structure to implement RAMS (Correct)
C. Risk Analysis with Hazard Log (Your Answer)(Incorrect)
D. RAMS requirements on Similar systems

Incorrect Points earned: 0 out of 1

Q29) Hazard log to be established and maintained throughout the life cycle of a product
if it is
A. SIL 1 and SIL 2
B. SIL 3 and SIL 4
C. SIL1, SIL 2, SIL 3 and SIL4 (Correct)
D. None of the above (Your Answer)(Incorrect)

Incorrect Points earned: 0 out of 1

Q30) Systematic faults could be handled in product design


A. By satisfying the Target system reliability
B. By having a good quality management system (Your Answer)(Incorrect)
C. Having right technical measures in place to avoid systematic fault (Correct)
D. By writing operational instructions for the product

Incorrect Points earned: 0 out of 1

Q31) Software Safety requirements are derived from


A. The technical safety aspects of the system (Correct)
B. The system description
C. Risks identified based on the Hazard Analysis (Your Answer)(Incorrect)
D. Hardware safety requirements

Correct Points earned: 1 out of 1

Q32) Safety Integrity Level is the


A. Quantitative Measure of the hazard
B. Qualitative Measure of safety
C. Qualitative measure of Risk due to a hazard (Your Answer)(Correct)
D. Qualitative measure of requirements

Incorrect Points earned: 0 out of 1


Q33) Apportionment of system requirements refers to
A. Specify the designated sub-systems, components and external facilities to achieve complete
system RAM requirements. (Correct)
B. Allocating functional requirements to the designated subsystems and components
C. Allocating Safety requirements to all the designated subsystems and components
D. All of the above (Your Answer)(Incorrect)

Correct Points earned: 1 out of 1

Q34) Which one of the following statements is not to be considered for functional safety
analysis?
A. Entrance of a train on a track when the signal was not given
B. Over speed of the train could not be controlled
C. Pedestrian slips and falls on the track while crossing the track (Your Answer)(Correct)
D. Passenger fall due to metro door opening during the run.

Correct Points earned: 1 out of 1

Q35) The failure mode failure rate of a Relay in its dangerous mode is 0.5 x 10^(-9).
The dangerous mode of failure is detected with diagnostic coverage 80%. The
dangerous failure detected is
A. 0.10 x 10^(-9)
B. 0.40 x 10^(-9) (Your Answer)(Correct)
C. 0.001 x 10^(-9)
D. 0.04 x 10^(-9)

Correct Points earned: 1 out of 1

Q36) Common cause failures are of concern when


A. Redundant measures are used to enhance reliability (Your Answer)(Correct)
B. When two systems with independent failure mechanisms are used
C. Two Redundant sensors are powered by Individual power supplies.
D. A single software component is used for executing a function

Correct Points earned: 1 out of 1


Q37) Power supply failure to two motors provided as redundancy in a design is a case
of
A. Cascading failure
B. Common cause failure (Your Answer)(Correct)
C. Dependent failure
D. None of the above

Incorrect Points earned: 0 out of 1

Q38) The Safety Assessor for Safety verification and validation can be
A. Part of customer organization or Supplier organization
B. The safety authority to approve the choice of the assessor (Correct)
C. The safety assessor shall report directly to safety authority
D. Independent from project team (Your Answer)(Incorrect)

Correct Points earned: 1 out of 1

Q39) If the tolerable hazard risk of a hazard is between 10^(-7) and 10^(-6) then it is
A. SIL 1
B. SIL 2 (Your Answer)(Correct)
C. SIL 3
D. SIL 4

Correct Points earned: 1 out of 1

Q40) Dependent failure –


A. Is the same as cascading failure
B. Is an alternate term for common cause failure
C. Failures whose probability of simultaneous occurrence cannot be expressed as the simple
product of the unconditional probabilities (Your Answer)(Correct)
D. None of the above

Incorrect Points earned: 0 out of 1

Q41) Risk is defined as the product of


A. Severity and Consequence (Your Answer)(Incorrect)
B. Probability of occurrence and likelihood of control
C. Severity and Probability of occurrence (Correct)
D. Hazard probability and control of the hazard

Correct Points earned: 1 out of 1

Q42) The frequency of occurrence of a partial break failure of a rolling stock is
described as “Likely to occur sometime in the system life cycle, This hazard is
reasonably expected to occur can be categorized as
A. Remote (Your Answer)(Correct)
B. Frequent
C. Incredible
D. Probable

Incorrect Points earned: 0 out of 1

Q43) The safety analysis normally used in proving the RAMS requirements are
A. Reliability prediction
B. FTA, FMECA and Root cause analysis (Your Answer)(Incorrect)
C. Failure mode and Effect Diagnostic Analysis
D. All of the above (Correct)

Correct Points earned: 1 out of 1

Q44) Which fault is Systematic failure from below


A. Indexing outside array bounds
B. Ignoring the first element (say treating a 0-indexed array as a 1-indexed)
C. Invalid or inconsistent initialization
D. All Above (Your Answer)(Correct)

Correct Points earned: 1 out of 1

Q45) For Safety acceptance one shall provide


A. Safety case document (Your Answer)(Correct)
B. Evidence of quality management, safety management, functional and technical safety
C. Safety plan and RAMS plan
D. Proof of RAMS targets being met

Correct Points earned: 1 out of 1

Q46) Principal ways to reduce RAM risk can be as follows


A. Improvement in reliability, so that fewer failures occur with consequently fewer occasions for loss
B. Improvement in availability, so that when a failure does occur the resulting loss is smaller.
C. Both a & b (Your Answer)(Correct)
D. Risk cannot be reduced by improving RAM

Correct Points earned: 1 out of 1

Q47) MTTF is the metric for Reliability and MTTR is the metric for Maintainability
A. True (Your Answer)(Correct)
B. False

Correct Points earned: 1 out of 1

Q48) Design and coding standards are


A. Highly recommended for SIL1, SIL2, SIL 3, and SIL 4
B. Highly recommended for SIL 0, SIL 1, SIL2 and Mandatory for SIL3 and SIL 4 (Your
Answer)(Correct)
C. Highly recommended for SIL 0, SIL1 and Mandatory for SIL 2 , SIL 3 and SIL 4
D. Highly recommended for all the SILs

Correct Points earned: 1 out of 1

Q49) Tool Qualification is essential to


A. As a requirement of ISO 9001
B. To get confidence with the tool supplier so that repeat orders could be placed.
C. To get confidence that the output from the tool does not have adverse effect on the safety (Your
Answer)(Correct)
D. As a requirement of internal audit, review and assessment

Correct Points earned: 1 out of 1

Q50) Two requirements to achieve functional safety


A. Hazard Occurrence
B. Safety function (Your Answer)(Correct)
C. Safety integrity level (Your Answer)(Correct)
D. Fail safe in the design

Correct Points earned: 1 out of 1

Q51) The main objective of SW architectural design


A. Helps in classifying safety related and non-safety related SW components
B. Helps in apportioning the SW requirements equally to SW component requirements
C. Helps in organizing the software components in a structured way to develop the Software as per
the requirements (Your Answer)(Correct)
D. Helps in reducing the complexity of the Software development

Correct Points earned: 1 out of 1

Q52) For a given railway system Availability requirement is 0.99, after analysis it is
found MTBF =24000 KMs, what should be MTTR so that it can meet the
availability requirement, train runs 120 Kms in a day.
A. MTTR = 1 day
B. MTTR=2 days (Your Answer)(Correct)
C. MTTR=2 Hours
D. MTTR=1 Hour

Correct Points earned: 1 out of 1

Q53) Technical concepts of Safety is based on


A. Possible hazards in a system (Your Answer)(Correct)
B. Severity of the hazard and its consequences
C. Reliability of the critical components in the system
D. None of the above

Correct Points earned: 1 out of 1


Q54) A safe state is a condition
A. Which continues to preserve safety (Your Answer)(Correct)
B. Which continues to preserve safety without compromising performance
C. Which will never fail
D. Failure frequency is remote

Correct Points earned: 1 out of 1

Q55) Risk Category corresponding to a hazard which is Occasional in occurrence and
leading to Critical consequence
A. Tolerable
B. Intolerable
C. Undesirable (Your Answer)(Correct)
D. Negligible

Correct Points earned: 1 out of 1

Q56) Any modification in the design demands a relook into hazard log
A. True (Your Answer)(Correct)
B. False

Correct Points earned: 1 out of 1

Q57) The tasks under Software assurance are


A. SW Testing
B. SW Verification and Validation
C. SW Assessment and Qualification
D. All of the above (Your Answer)(Correct)

Correct Points earned: 1 out of 1

Q58) The depth of assessment and degree of independence in a safety approval
depends on the
A. The discretion of the project manager
B. The discretion of the Safety manager
C. The SIL assigned to the product (Your Answer)(Correct)
D. The discretion of the approval authority

Correct Points earned: 1 out of 1

Q59) The purpose of Safety Qualification tests are


A. Unique means of demonstration of safety
B. To prove the failure free operation under all operational conditions
C. To gain increased confidence that the specified reliability and safety targets have been achieved
(Your Answer)(Correct)
D. to gain increased confidence that the system/sub-system/equipment fulfils its specified
operational requirements,

Correct Points earned: 1 out of 1

Q60) Risk reduction can be achieved by


A. Using highly reliable components
B. Using good design practice based on the safety requirements
C. Using monitoring functions
D. All of the above (Your Answer)(Correct)

Type_Essay Points earned: 0 out of 8

Q61) Three functional configuration options which are basically comparable in cost are
being considered for a particular segment of a system. These options are:
Your answer
Option III. R=0.99

Type_Essay Points earned: 0 out of 8

Q62) Observe the System block diagram given below

Sl. No.   Element
1         Pressure Transmitter
2         Isolator
3         Trip amplifier configuration
4         Isolator
5         Actuator

a. Calculate the MTTR


b. Calculate the Reliability of individual Elements, assume t=24 hours and
exponential distribution
c. Calculate the system Reliability for the RBD
d. Assuming all the blocks in series, calculate availability of the system
Your answer
a. MTTR=1.09 hr

b.
R1=0.9907; MTBF1=2560
R2=0.9716; MTBF2=833
R3=0.8096; MTBF=114
R4=0.9997; MTBF=83333
R5=0.7866; MTBF=100

c. Rs=0.730
d. As= 0.9892

Type_Essay Points earned: 0 out of 8

Q63) Identify level of independence required for a SIL 2 product and list down all HR
activities in Design & Development phases
Your answer
A. DES independent of VER or VAL, both reporting to the PM and can be of the same
organization. ASSR totally independent and different organization.
B. Structured Design and Modularisation

Type_Essay Points earned: 0 out of 8

Q64) Observe the rolling stock picture and their parts, prepare a hazard log, hazards
can be written from your experience, engineering judgement and imaginative, but
follow proper template
Your answer
One line provided for illustration
Unmitigated Mitigated
Subsys. Hazard Cause Conseq. Freq. Risk Risk Mit. Conseq. Freq. Risk Clos.

Descriptive Example
- Subsystem: Floor
- Hazard: Seat materials not compliant with standards for ignition resistance, flame spread and
smoke and toxicity generation, when exposed to a fire. In case of a fire on board, the floor can
contribute to increase the fire size, and spread it to other seats, while generating smoke and toxic
gases that can cause casualties.
- Cause: Overheating of uninsulated electrical equipment, arson.
- Unmitigated conseq: Catastrophic
- " freq.: Occasional
- " risk: Intolerable
- Risk Mitigation: Using seat manufacturing materials and systems compliant with EN 45545 for
the required hazard level.
- Mitig. conseq: Marginal
- Mitig. freq: Improbable
- Mitig. risk: Negligible
- Clos.: "Closed" (Negligible is acceptable)

Type_Essay Points earned: 0 out of 8

Q65) Observe below Fault Tree and

a. Find the train-train collision probability?
b. How many single point failures are present?
c. If Avoidance of collision is a safety function, what SIL level this system can
achieve if you consider only Random failures

Your answer
A: P= 3.43E-6
B: 8. Each one can be a single point failure (i.e., OR gate).
C: Random failures can be due to human error or technical failures (e.g., failures of hardware,
software, etc.). If we consider this, we might assume that environmental conditions (outside of the
design boundaries) is the only cause that can be random. The SIL level for 3.5E-7 would be SIL 2,
compared to the overall SIL (3.43E-6) which will be SIL 1.

Type_Essay Points earned: 0 out of 8

Q66) Calculate the probability of rear end collision

Failure rates of basic events are as follows
FR(B4)=1.2*10^-09
FR(B5)=9.8*10^-09
FR(B6)=7.2*10^-09
FR(B7)=1.8*10^-09
FR(B9)=1.8*10^-10
FR(B10)=2.8*10^-11
Your answer
PG3=1.1E-10
PG4=9.0E-9
PG2=9.9E-17
PG5=2.08E-10

PG1 (Top Event)=2.08E-10

Type_Essay Points earned: 0 out of 8

Q67) Given the table below on possible hazard triggering conditions while the train is
moving. Map it to the appropriate consequence / consequences by marking (x) in
the appropriate cell.

Table columns: Hazard ID; Hazard Triggering condition; Consequence (Collision,
Derailment, Death/Injury, Fire/Smoke, Electrocution, Other)

HAZ-1: Objects on the Guideway
HAZ-2: People Trespassing
HAZ-3: Extreme weather condition (Ice, Extreme cold, Heavy rainfall, Excessive Foliage)
HAZ-3: Train movement with doors open
HAZ-4: Failure or distortion of guideway, sleepers or ballast slip
HAZ-5: Reduced brake performance
HAZ-6: Train doors trap person or object and train moves off whilst person still trapped
HAZ-7: Person attempts to open a door and jump out while the train is moving
HAZ-8: Overcrowding of platforms in underground stations
HAZ-9: Pantograph suddenly lowered and lost the contact with catenary w
HAZ-10: Emergency brake failure
HAZ-11: Train is automatically moved to an area (e.g. station or tunnel where there is a fire or other
HAZ-12: Signaling system failure to detect the presence of another train in the same track
where the train is running
Your answer
Note: The consequence initials will be used for simplicity.

HAZ1: COL, DER, D/I.
HAZ2: D/I
HAZ3: COL, DER, D/I
HAZ3b: D/I
HAZ4: COL, DER, D/I
HAZ5: COL, DER, D/I
HAZ6: D/I
HAZ7: D/I
HAZ8: D/I
HAZ9: COL?, OT (Train moving with loss of contact of pantograph, retracted, assumed into a
safe position, can cause the train to stop; Potential collision if another train is coming and does not
notice the stopped train)
HAZ10: COL, DER, D/I
HAZ11: D/I, FIR
HAZ12: COL, DER, D/I

Type_Essay Points earned: 0 out of 8

Q68) Calculate the cyclomatic complexity for the following logic –

Your answer
This topic was not given in the program...

Type_Essay Points earned: 0 out of 8

Q69) Calculate the System Reliability


Your answer
Rs=0.82

Type_Essay Points earned: 0 out of 8

Q70) Carry out FMECA analysis for the components present in the system described in
question 1 for the components present in the system.

Your answer
Not sure what the components were for "question 1" (I presume that it will be the same as the
ones represented above). I'll develop a simple example of FMECA for rolling stock - RSK -
(critical) failure:

A table will be created with these headings (simplified), followed by an example (e.g., RSK brake
cable failure).

- Function: Brake cable sends the signal from the train desk to brake system.
- Fail. Mode: Brake cable breaks (not replaced in the preventive maintenance, due to
maintenance human error).
- Fail. Effects: The train driver cannot stop the train.
- Effects Severity: Catastrophic (a rating number will be assigned; e.g., 9/10)
- Fail. Cause: Cable not replaced during preventive maintenance, due to a human error
(maintenance crew forgot to replace the cable). Aging of the cable causes its breakage.
- Fail. Cause Probability: Probable (Rating assigned, like the above; e.g., 7/10)
- Design Controls: Redundant cable, detection of broken cable.
- Detection: High chance of cable breakage detection (ranking e.g., 9/10)
- Risk Priority Number: A risk priority number will be assigned relative to other risks.
