In accordance with the Enforcement Decree of the Act on Physical Protection and Radiological Emergency, operators of Nuclear Power Plants (NPP)s must conduct full cyber security exercise once a year and partial exercise at least once every half year. Nuclear operators need to conduct exercise on systems with high attack attractiveness in order to respond to the unauthorized removal of nuclear or other radioactive material and sabotage of nuclear facilities. Nuclear facilities identify digital assets that perform SSEP (Safety, Security, and Emergency Preparedness) functions as CDA (Critical Digital Assets), and nuclear operators select exercise target systems from the CDA list and perform the exercise. However, digital assets that have an indirect impact (providing access, support, and protection) from cyber attacks are also identified as CDAs, and these CDAs are relatively less attractive to attack. Therefore, guidelines are needed to select the exercise target system in the case of unauthorized removal of nuclear or other radioactive material and sabotage response exercise. In the case of unauthorized removal of nuclear or other radioactive material, these situations cannot occur with cyber attacks and external factors such as terrorists must be taken into consideration. Therefore, it is necessary to identify the list of CDAs that terrorists can use for cyber attacks among CDAs located in the path of stealing and transporting nuclear material and conduct intensive exercise on these CDAs. A typical example is a security system that can delay detection when terrorists attack facilities. In the case of sabotage exercise, a safety-related system that causes an initiating event by a cyber attack or failure to mitigate an accident in a DBA (Design Basis Accident) situation should be selected as an exercise target. It is difficult for sabotage to occur through a single cyber attack because a nuclear facility has several safety concepts such as redundancy, diversity. Therefore, it can be considered to select an exercise target system under the premise of not only a cyber attack but also a physical attack. In the case of NPPs, it is assumed that LOOP (Loss of Offsite Power) has occurred, and CDA relationships to accident mitigation can be selected as an exercise target. Through exercise on the CDA, which is more associated with unauthorized removal of nuclear or other radioactive material and sabotage of nuclear facilities, it is expected to review the continuity plan and check systematic response capabilities in emergencies caused by cyber attacks.