9 - Physical (Environmental) Security Flashcards

(123 cards)

1
Q
1. If an intruder is able to circumvent physical access security and is able to take over control of internal systems, what principle of security is violated? a. Availability b. Integrity c. Accountability d. Privacy
A

B: Loss of control over a system is a violation of integrity.

2
Q
2. Which of the following is not a threat to physical security? a. Sabotage b. Toxic material release c. Brute force password attacks d. Electromagnetic pulse
A

C: A brute force password attack is a violation of technical or logical security.

3
Q
3. Which of the following is not considered a form of physical access control? a. Fencing b. Dogs c. Lighting d. CCTV
A

D: CCTV is considered a technical or logical access control.

4
Q
4. Which of the following is an example of a physical security administrative control? a. Facility construction b. fencing c. man traps d. security guards
A

A: Facility construction is an example of a physical security administrative control.

5
Q
5. Which of the following is not an example of a physical security technical control? a. access controls b. personnel controls c. intrusion detection d. HVAC management
A

B: Personnel controls are an example of a physical security administrative control.

6
Q
6. Which of the following is an example of a physical security technical control? a. lighting b. facility construction materials c. fire detection and suppression d. facility Selection
A

C: Fire detection and suppression is an example of physical security technical control.

7
Q
7. Physical security is maintained through three types of controls. Which of the following is not one of these? a. Defensive b. Physical c. Technical d. Administrative
A

A: Defensive is not a type of physical security control.

8
Q
8. The study of the facility infrastructure to determine what elements are essential to the support of physical security is known as? a. Risk analysis b. Critical path analysis c. Delphi technique d. Collusion inspection
A

B: Critical path analysis is the study of the facility infrastructure to determine what elements are essential to the support of physical security.

9
Q
9. Which of the following is not a physical security administrative control? a. Site construction b. Personnel training c. Intrusion detection systems d. Emergency response procedures
A

C: Intrusion detection systems are a physical security technical control.

10
Q
10. When evaluating the security of a new facility or site, which of the following is the least important? a. cost b. location c. fire rating d. local emergency services
A

A: Cost is the least important aspect when evaluating the security of a new facility or site.

11
Q
11. Which of the following is the least important aspect of a secured server room? a. fire suppression system b. human compatibility c. temperature control system d. efficient use of space (such as stacking machines)
A

B: Human compatibility is the least important aspect of a secured server room. In fact, server rooms are often very incompatible for humans.

12
Q
12. When evaluating, selecting, and deploying physical security access controls, what is always the most important? a. cost b. ease of maintenance c. protection of human safety d. reliability
A

C: Protection of human safety is always the most important aspect of any security control.

13
Q
13. Which of the following is not a physical security physical control? a. Fencing b. Lighting c. Data backups d. Man traps
A

C: Data backups are a physical security technical control.

14
Q
14. Which of the following is the least important aspect to consider when selecting a physical location for a highly secured facility? a. Local crime rate b. Access roads c. Surrounding terrain d. Proximity to airport flight path
A

D: The proximity to airport flight path is the least important consideration from this list. In most cases, except for top-secret military facilities, being in a flight path is inconsequential.

15
Q
15. When constructing a new building for a secure site, which of the following is the least important issue to consider in regards to security? a. The combustibility of the walls and ceiling b. Whether windows can be opened c. The type of fire suppression system d. The size of the facility
A

D: The size of the facility is the least important security factor to consider.

16
Q
16. Which of the following is not an example of a physical security physical control? a. guard dogs b. man traps c. fencing d. data backups
A

D: Data backups are an example of a physical security technical control.

17
Q
17. Which of the following is an example of a physical security physical control? a. security guards b. CCTV monitoring c. Power supply management d. intrusion detection
A

A: Security guards are an example of a physical security physical control.

18
Q
18. Which of the following is the least important aspect to consider when selecting a security facility location? a. surrounding terrain b. cost c. access to emergency services d. proximity to residential areas
A

B: Cost is the least important aspect when considering a location for a secure facility (from this list of options).

19
Q
19. When should hardware be replaced to maintain availability? a. At the mean time to repair b. Every two years c. When capacity reaches 65% utilization d. Before the mean time between failures
A

D: Hardware should be replaced before it reaches its age of mean time between failures.

20
Q
20. Which of the following is not an example of a physical security administrative control? a. training b. facility management c. emergency response procedures d. alarms
A

D: Alarms are examples of physical security technical controls.

21
Q
21. Which of the following is not a benefit of a human incompatible server/computer room? a. An emergency shelter b. Improved fire suppression c. Lower temperature settings d. Efficient use of space
A

A: A human incompatible server room cannot serve as an emergency shelter; this is a disadvantage.

22
Q
22. When physical security is violated and damage occurs to the computer hardware itself, this is a violation of what principle of security? a. Availability b. Confidentiality c. Accountability d. Integrity
A

A: Physical damage is a violation of availability.

23
Q
23. Which of the following is the least important aspect to consider when selecting a security facility location? a. access to means of transportation b. frequency of earthquakes c. size d. direction of door openings
A

C: Size is the least important aspect when considering a location for a secure facility (from this list of options).

24
Q
24. Which of the following is the least important aspect to consider when designing the interior of a security facility? a. load rating b. fire resistance c. accessibility d. consistency in decorating scheme
A

D: Consistency in decorating scheme, such as the color and texture, is the least important aspect of a facility’s interior when designing security.

25
25. Which of the following is not an important physical security factor when considering the security of windows? a. UV reflection or blocking b. translucency vs. opaqueness c. shatterproof d. placement
A: UV reflection or blocking is the least important factor in regards to security when considering windows.
26
26. Which of the following is a direct threat to maintaining the integrity of hosted data? a. unauthorized disclosure b. termination of power to the supporting systems c. no input validation d. loss of physical access control of a system
C: No input validation is a threat to maintaining the integrity of hosted data.
27
27. Which of the following represents a threat to confidentiality, integrity, and availability? a. theft of a notebook b. physical destruction of access terminals c. unauthorized disclosure d. termination of power to the supporting systems
A: Theft of a laptop represents a threat to confidentiality, integrity, and availability.
28
28. Which of the following is not considered a physical security emergency? a. toxic material release b. intrusion attempts through communication links c. facility fire d. flooding
B: Intrusion attempts through communication links is a technical or logical security emergency, not physical.
29
29. Which of the following is not an important physical security factor when considering the security of flooring? a. load rating b. texture c. conductivity of the surface d. combustibility
B: The texture of flooring is the least important physical security factor when considering the security of flooring.
30
30. Internal partitions are useful for creating? a. division of work from visitor spaces b. fire barriers c. separate work spaces d. distinction between areas of different sensitivity
C: Partitions are useful for creating separate work spaces.
31
31. Which of the following should be used to provide sufficient security and separation of areas with various levels of sensitivity and confidentiality? a. partitions b. windows c. boundaries outlined by colored tape d. floor to ceiling permanent walls
D: Floor to ceiling permanent walls should be used to provide sufficient security and separation of areas with various levels of sensitivity and confidentiality.
32
32. Which of the following is not a human threat to physical security? a. vandalism b. strikes c. utility loss d. sabotage
C: Utility loss is a threat to physical security that can be caused by humans, but it can also be caused by natural disasters. This is the best answer for this question.
33
33. The most important factor when designing and implementing physical security solutions is? a. cost effectiveness of mechanisms b. efficiency of solutions c. automation of controls d. personnel safety
D: Personnel safety is always the most important factor when designing and implementing physical security solutions.
34
34. To protect the data center from threats to physical security, what should be done? a. It should be placed in the center or core of the facility b. It should be located off site c. It should be placed in the basement d. It should be distributed throughout the facility
A: The data center should be placed in the center or core of a facility for the maximum protection from threats to physical security.
35
35. When designing a facility to provide protection for sensitive electrical equipment, what is the most important factor? a. load rating of the floor b. electrical conductance of the flooring material c. whether or not raised flooring is used d. the physical dimensions of the data center room
B: The most important factor when protecting sensitive electrical equipment is the electrical conductance of the flooring material or the likelihood of generation and sparking of static electricity.
36
36. Secure and protected computer rooms or data centers should be all but which of the following? a. restricted access b. electronic equipment compatible fire suppression system c. human compatible d. located in the center or core of the facility
C: A computer room or data center need not be human compatible to be secure and protected.
37
37. The momentary increase in power often experienced at the moment when a device or a power system is turned on is known as? a. surge b. spike c. noise d. inrush
D: An inrush is the momentary increase in power often experienced at the moment when a device or a power system is turned on.
38
38. The short duration of an interfering disturbance in the power line is known as? a. transient b. spike c. noise d. sag
A: A transient is a short duration of an interfering disturbance in the power line.
39
39. The radiation generated by the difference in power of the hot and neutral wires of a circuit is known as? a. transient b. traverse mode noise c. common mode noise d. brownout
B: Traverse mode noise is the radiation generated by the difference in power of the hot and neutral wires of a circuit.
40
40. An important aspect of a physical security mechanism is? a. personnel safety b. compliance with industry standards c. similarity with existing solutions d. user training required
A: Personnel safety is an important concern when considering security mechanisms.
41
41. Physical security mechanisms should always? a. be invisible to the user b. comply with laws and regulations c. be automated d. be approved by all levels of management
B: Physical security mechanisms should always comply with laws and regulations.
42
42. To control costs while maintaining a reasonable level of protection against the failure of hardware, you should? a. know the locations of several hardware vendors in your city b. maintain a hot site duplicate facility c. obtain a service level agreement with a hardware vendor d. store replacement parts on site
C: Obtaining a service level agreement with a hardware vendor provides a reasonable level of protection against the failure of hardware.
43
43. Which of the following is not an effective means to eliminate or reduce power line noise? a. move power lines away from strong magnetic sources b. ensure proper grounding c. use cables with fewer twists d. add cable shielding
C: Cables with fewer twists will increase the likelihood of power line noise.
44
44. According to the ANSI standard, at what point of a drop in power between the power source and the meter is a brownout declared? a. 1.20% b. 10% c. 3.50% d. 8%
D: According to the ANSI standard, a brownout is declared at a drop of 8% in power between the power source and the meter.
45
45. Which is not a Water-based Fire protection System? a. Preaction System b. Deluge System c. Dry Pipe System d. Infrared Flame Detector
D: An infrared flame detector is not a water-based fire protection system in itself. It can be used in conjunction with other water-based systems. The infrared flame detector reacts to emissions from flame.
46
46. Hardware components should be replaced when? a. Every year b. Immediately after their second failure c. On every instance of a failure d. Before their mean time between failure time period expires
D: Hardware components should be replaced before their mean time between failure (MTBF) time period expires.
47
47. The hardware component rating of mean time to repair (MTTR) is used for what purpose? a. to determine how often to expect to replace a device b. to determine when to replace a device c. to determine how long it takes to repair a device d. to determine the length of time after the first failure before a device must be replaced.
C: The mean time to repair (MTTR) is used to determine how long it will take to repair a device.
48
48. Which of the following is not considered an adequate protection means for a mission critical server? a. uninterruptible power supply b. surge protector c. alternate power supply d. backup generator
B: A surge protector, while useful and recommended, is not the best option from this list of power protection devices for a mission critical server.
49
49. A momentary loss of power is known as? a. brownout b. spike c. fault d. sag
C: A fault is a momentary loss of power.
50
50. Radio frequency interference (RFI) can be caused by all but which of the following? a. electric cables b. cement walls c. fluorescent lights d. space heaters
B: Cement walls do not cause radio frequency interference (RFI), but may actually reduce it.
51
51. A pre-employment screening process should include all but which of the following? a. reference checks b. drug screening c. supervisor review d. education history verification
C: A supervisor review can only occur after a worker has been employed for a length of time. This is not an element of the pre-employment screening process.
52
52. Which of the following is not an element that should be a part of on-going employee checks? a. security clearance verification b. supervisor review c. drug testing d. termination of physical access
D: Termination of physical access should occur as an element of the post-employment or termination procedures, not as part of on-going employee checks.
53
53. What is the ideal operating humidity for a data center room? a. 20 - 40% b. 40 - 60% c. 60 - 80% d. 80 - 100%
B: The ideal operating humidity for a data center room is 40-60%.
54
54. Static electricity discharges over ___________ volts are possible on low-static carpeting with very low humidity. a. 1,000 b. 5,000 c. 20,000 d. 150,000
C: Static electricity discharges over 20,000 volts are possible on low-static carpeting with very low humidity.
55
55. A static discharge of 1,000 volts is sufficient to cause which of the following forms of damage? a. cause a system shutdown b. destroy data on a hard drive c. permanently damage microchips d. scramble a monitor display
D: A static discharge of 1,000 volts is sufficient to scramble a monitor display.
56
56. A static discharge of only __________ volts is sufficient to cause a printer jam or serious malfunction? a. 4,000 b. 1,000 c. 55,000 d. 17,000
A: A static discharge of only 4,000 volts is sufficient to cause a printer jam or serious malfunction.
57
57. When selecting a fire extinguisher to use against burning liquids, you should not select one which uses? a. CO2 b. soda acid c. halon d. water
D: Water should never be used to attempt to extinguish burning liquids. In most cases, water will help spread the fire rather than suppress it.
58
58. What is the most effective suppressant for electrical fires? a. CO2 b. soda acid c. water d. soda ash
A: CO2 or Halon are most effective against electrical fires. Type C fire extinguishers use CO2, Halon, or a Halon replacement to suppress electrical fires.
59
59. In a data center, what is the best choice for a hand-held fire extinguisher? a. A bucket of sand b. Type C c. A bucket of water d. Type B
B: Type C fire extinguishers use CO2, Halon, or a Halon replacement to suppress electrical fires. Type C is the best choice for a data center.
60
60. The termination procedure may include all but which of the following? a. issuing of photo ID b. escort off the premises c. review of non-disclosure agreements d. return of equipment
A: The issuing of photo ID is an element of the employment or hiring procedures, not the termination procedures.
61
61. Which of the following is not an administrative control for maintaining physical security? a. fire drills b. assigning a user account logon rights c. exit interview d. employment record verification
B: Assigning a user account logon rights is a logical or technical control for maintaining logical or technical security.
62
62. When maintaining administrative controls to protect physical security in the event of a disaster or emergency, all but which of the following should be performed? a. clearly document the steps of the procedures of the recovery plan b. personnel training and drills c. perform a detailed risk analysis d. periodic review of the recovery plan
C: Risk analysis is not an element of maintaining administrative controls to protect physical security. Instead, risk analysis is used to select the safeguards to implement and re-evaluate their effectiveness, not in the maintenance of a selected security solution.
63
63. The most appropriate form of fire suppression mechanism for data centers is? a. preaction b. gas discharge c. deluge d. dry pipe
B: A gas discharge system is most appropriate for data centers since a gas can be selected that will cause the least damage to the equipment in the event of a real or a false alarm release of the suppression medium.
64
64. A CO2 gas discharge system suppresses fires by what means? a. heat reduction b. fuel removal c. oxygen displacement d. interrupting the chemical reaction of burning
C: A gas discharge system suppresses fires by means of oxygen displacement.
65
65. Why is Halon being replaced whenever possible and not being used when new fire suppression gas-discharge systems are installed? a. Halon is not effective against electrical fires. b. Halon is expensive. c. Halon is too difficult to manage in most data center environments. d. Halon degrades into toxic chemicals at 900 degrees.
D: Halon degrades into toxic chemicals at 900 degrees.
66
66. A benefit of security guards is what? a. offer discriminating judgment b. not usable in all environments c. fraudulent information on job application or resume d. illness
A: A benefit of security guards is their ability to offer discriminating judgment on site.
67
67. The most suitable replacement for security guards is? a. lighting b. dogs c. fencing d. proximity detectors
B: For certain situations, dogs are the most suitable replacement or alternative for security guards.
68
68. The benefit of guard dogs is? a. cost b. maintenance c. perimeter security control d. insurance and liability issues
C: Guard dogs are excellent tools for perimeter security control.
69
69. Fire detectors respond to a fire through a sensor that detects one of all but which of the following? a. heat b. light c. sound d. smoke
C: Fire detectors do not sense the sound of fire. Intrusion detection alarms or certain types of motion detectors use sound (such as glass breaking or the change in a steadily broadcast frequency) to detect movement.
70
70. What type of flame or fire detector is considered the most expensive but also the fastest in detecting fires? a. smoke actuated b. fixed temperature heat actuated c. rate of rise heat actuated d. flame actuated
D: Flame actuated fire detectors are considered the most expensive but also the fastest in detecting fires.
71
71. What form of water-based fire suppression systems is considered the most inappropriate for data centers? a. deluge b. preaction c. dry pipe d. wet pipe
A: Deluge systems are a form of dry pipe system, but with a larger volume of water. Deluge systems are not recommended for data centers.
72
72. What physical security mechanism is the most recognized means of defining the outer perimeter of a secured or controlled area? a. lighting b. proximity detectors c. locked doors d. fencing
D: Fencing is the most recognized physical security mechanism used to define the outer perimeter of a secured or controlled area.
73
73. Casual trespassers are usually deterred by what? a. a fence 3 to 4 feet high b. a lighted perimeter c. a wooden fence 6 feet high d. posted authorized entry only signs
A: Casual trespassers are usually deterred by a fence a minimum of 3 to 4 feet high. They are also deterred by stronger or higher means, such as a fence feet high. However, this question asked only for a deterrent against just casual trespassers, not stronger mechanisms of trespassing protection.
74
74. The most effective means to contain a subject while the authentication process is performed so that in the event of a failure a security guard response can result in the capture of the subject is what? a. a gate b. a mantrap c. a turnstile d. a proximity detector
B: A mantrap is the most effective means to contain a subject while the authentication process is performed so that in the event of a failure a security guard response can result in the capture of the subject. In a mantrap, a subject must enter a small room that has both doors locked. Only after a successful authentication is the inner door opened for entry. If the authentication fails, a security guard is notified and the subject is detained within the enclosure.
75
75. The most commonly used ecological replacement for Halon in gas discharge systems is? a. FM-200 b. low pressure water mists c. CO2 d. Halon 1301
A: FM-200 is the most commonly used ecological replacement for Halon in gas discharge systems.
76
76. Which of the following is not an ecological replacement for Halon in gas discharge fire suppression systems? a. Argon b. Neon c. Inergen d. NAF-S-III
B: Neon is not a fire suppression medium.
77
77. When a Halon or equivalent gas discharge fire suppression system is triggered to stop a fire, which of the following is responsible for causing the least amount of damage to the computer equipment? a. smoke b. combustion c. suppression medium d. heat
C: The suppression medium, Halon or its replacement equivalents, is designed to cause little or no damage to electrical equipment.
78
78. The benefits of a security guard include all but which of the following? a. able to respond to changing situations b. able to detect unique intrusions and attacks c. can make value judgments in the midst of an incident d. can be socially engineered
D: Being susceptible to social engineering or any form of intrusion or attack is a disadvantage of any security mechanism, including security guards.
79
79. Information on magnetic media can be destroyed by all but which of the following? a. degaussing b. OS based formatting c. overwriting the media seven times d. purging
B: OS based formatting will not destroy the data on media in most cases.
80
80. The only way to absolutely prevent data remanence from being extracted from electronic media is to? a. purge b. format c. destroy by cremation d. overwrite at least seven times
C: The only way to absolutely prevent data remanence from being extracted from electronic media is to destroy it by cremation.
81
81. When a media is to be re-used in the same environment, which of the following is minimally sufficient to prevent unnecessary disclosure? a. purging b. destroy by cremation c. overwrite at least seven times d. clearing
D: Clearing is the process of overwriting a media so it can be re-used in the same environment. It is not as thorough as a purge, but sufficient as long as the security classification remains constant.
82
82. The most commonly deployed form of perimeter protection is? a. fencing b. guard dogs c. lighting d. CCTV
C: The most commonly deployed form of perimeter protection is lighting.
83
83. Which of the following is correct? a. The NIST standard for perimeter protection provided by light is that critical areas should be illuminated by 8 candle feet power at 2 feet in height. b. The NIST standard for perimeter protection provided by fencing is that critical areas should be bounded by chain link fencing 3 to 4 feet tall without barbed wire. c. The NIST standard for perimeter protection provided by fencing is that critical areas should be bounded by chain link fencing 6 feet tall with 2 strands of barbed wire. d. The NIST standard for perimeter protection provided by light is that critical areas should be illuminated by 2 candle feet power at 8 feet in height.
D: This statement is correct. The NIST standard for perimeter protection provided by light is that critical areas should be illuminated by 2 candle feet power at 8 feet in height.
84
84. The use of closed circuit television (CCTV) for monitoring live events is considered what form or type of security control? a. preventative b. detective c. responsive d. corrective
A: The use of closed circuit television (CCTV) for monitoring live events is considered a preventative form of security control.
85
85. What is a sag? a. momentary power loss b. Momentary low voltage c. Steady interfering disturbance d. A short burst of power
B: A sag is momentary low voltage.
86
86. An initial surge of power at the startup of a device or system is known as? a. Spike b. Surge c. Inrush d. Noise
C: An inrush is an initial surge of power at the startup of a device or system.
87
87. The radiation generated by the electrical difference between the hot and neutral wires is known as? a. Attenuation b. Common-mode noise c. Crosstalk d. Traverse-mode noise
D: Traverse-mode noise is the radiation generated by the electrical difference between the hot and neutral wires.
88
88. Which of the following is not an effective protection measure against electrical noise? a. Increase voltage b. Line conditioning c. Proper grounding d. Cable shielding
A: Increasing voltage is not an effective means to reduce noise; often increased voltage creates more noise.
89
89. What is always the most important aspect of physical security? a. Protection of backups b. Collection of evidence c. Safety of people d. Business continuity
C: Safety of people is always the most important.
90
90. All but which of the following should be true of physical security mechanisms? a. Comply with laws and regulations b. Should be appropriate to provide required security c. Should protect human safety d. Will be obvious and apparent
D: Physical security should employ both obvious and apparent as well as subtle and unseen mechanisms, but is not always necessary.
91
91. To ensure ongoing operation and to maintain security (especially availability), hardware components should be replaced how often? a. Before the mean time between failures has expired b. Before the mean time between repairs has expired c. Every six months d. Immediately after the first failure
A: To maintain security and operation, hardware should be replaced just before or at the end of the time period defined by the mean time between failures.
92
92. Static electricity generated by a human on non-static carpeting in a low humidity environment can exceed __________ volts. a. 40,000 b. 20,000 c. 10,000 d. 1,000
B: Static electricity generated by a human on non-static carpeting in a low humidity environment can exceed 20,000 volts.
93
93. Which of the following is not an important aspect of candidate screening when hiring a new employee? a. Awareness training b. Checking references c. Verifying educational history d. Drug testing
A: Awareness training is not an aspect of candidate screening; it is an aspect of post-hiring job training.
94
94. Which of the following is the least important aspect of employee termination in relation to security? a. Review of non-disclosure agreements b. Exit interview c. Return of personal belongings d. Escorting the terminated employee off of the premises
C: Return of personal belongings should be performed, but is the least important aspect of employee termination from a security perspective.
95
95. The definition of a brownout according to the ANSI standards is the condition when there is an _________ drop between the power source and the meter or a __________ drop between the meter and the wall. a. 10%, 5% b. 8%, 3.5% c. 3.5%, 9% d. 3%, 12%
B: The definition of a brownout according to the ANSI standards is the condition when there is an 8% drop between the power source and the meter or a 3.5% drop between the meter and the wall.
96
96. The ideal operating humidity for electronic components is? a. 0 - 20% b. 20 - 40% c. 40 - 60% d. 60 - 80%
C: The ideal operating humidity for electronic components is 40 - 60%.
97
97. Low humidity causes? a. Corrosion b. Power sags c. Static d. Condensation
C: Low humidity causes static.
98
98. At what voltage of a static discharge will permanent chip damage occur? a. 1,000 volts b. 1,500 volts c. 2,000 volts d. 17,000 volts
D: 17,000 volts can cause permanent chip damage.
99
99. Why is halon no longer available for newly installed fire suppression systems? a. It degrades into toxic chemicals at high temperatures b. It is not effective against electrical fires c. It is too expensive d. It is only available in a liquid form
A: Halon has been removed from the market for new systems because it degrades into toxic chemicals at high temperatures.
100
100. What type of fence or boundary is minimally required to deter casual trespassers? a. 8 foot fence with 3 strands of barbed wire b. A 4 to 7 foot fence c. A 3 to 4 foot fence d. A no trespassing sign every 100 feet along a perimeter.
C: A 3 to 4 foot fence is minimally required to deter casual trespassers.
101
101. What is the most common form of physical security control deployed on the perimeter of a facility? a. Lighting b. Fencing c. Guards d. CCTV
A: Lighting is the most common form of perimeter security control.
102
102. What is the most important aspect of emergency response and reaction procedures? a. Periodic testing b. Integration with disaster recovery and business continuity planning c. Easily accessible documentation d. Protection of personnel safety
D: Protection of personnel safety is always the most important factor.
103
103. What is the order in which security controls should function in the protection of a physical asset? a. Deter, deny, detect, then delay b. Deny, detect, delay, then deter c. Detect, delay, deter, then deny d. Delay, deter, detect, then deny
A: Physical security controls should be deployed so that initial attempts to access physical assets are deterred (e.g., boundary restrictions). If deterrence fails, then direct access to the physical asset should be denied (e.g., locked vault doors). If denial fails, then the intrusion should be detected (e.g., motion detectors). Then the intrusion should be delayed sufficiently for response by authorities (e.g., a cable lock on the asset).
104
104. Which of the following results in the violation of all three principles of the CIA triad? a. Failure of a keyboard lock on a server b. Failure of a cable lock on a laptop c. Failure of a power lock on a desktop system d. Failure of a BIOS boot password
B: Theft of a laptop due to a cable lock failure causes a violation of all three principles of CIA.
105
105. What is the NIST standard for lighting when it is used for perimeter protection? a. 4 foot-candles of power at 12 ft high b. 2 foot-candles of power at 8 ft high c. 1 foot-candles of power at 8 ft high d. 1 foot-candles of power at 16 ft high
B: The NIST standard is 2 foot-candles of power at 8 ft high for perimeter security lighting.
106
106. What is the most secure location to store backup media? a. In the backup device b. In the server room c. On-site in a fire-proof container d. Off-site
D: Off-site is always the most secure location to store backup media. However, security controls at the off-site location must be maintained. The purpose of off-site storage is to prevent the backup media from being affected by the same disaster that destroys or damages the primary facility.
107
107. When an unauthorized person gains access into a facility by following an authorized person through a controlled access point, this is called? a. Spoofing b. Piggybacking c. Social engineering d. Detection avoidance
B: Piggybacking occurs when an unauthorized person gains access into a facility by following an authorized person through a controlled access point.
108
108. A Class C fire extinguisher may employ which of the following suppression mediums? a. Halon b. Soda acid c. Water d. Acetone
A: A Class C fire extinguisher may contain CO2, halon, or a halon equivalent or replacement.
109
109. Which form of fire suppression system would be the best choice for a computer center? a. Wet pipe b. pipe filled with water c. Preaction d. Deluge
C: Preaction is a combination of wet and dry pipe. The dry pipe would be used in the computer center. With these choices preaction would be the most correct.
110
110. Which of the following is not one of the three elements or aspects of a fire that can be removed to extinguish a flame? a. Fuel b. Heat c. Humidity d. Oxygen
C: Removing humidity will not extinguish a flame.
111
111. Which type of fire detection and suppression systems is most prone to false alarms? a. Fixed temperature b. Flame actuated c. Rate of rise d. Smoke actuated
C: Rate of rise systems are most prone to false alarms (i.e. sprinkler triggering).
112
112. Which of the following does not require secure destruction to prevent re-use when it is no longer required or needed within a secured environment? a. CD-ROMs b. Printouts c. Video cards d. Hard drives
C: Video cards do not need to be destroyed.
113
113. Which of the following is a benefit of dogs? a. Cost b. More reliable than guards c. Maintenance requirements d. Liability issues
B: Dogs are often more reliable than guards; this is a benefit.
114
114. A room that is both secure and safe should have what? a. A single access door b. No more than two doors c. No windows d. Removable floor and ceiling panels
B: A secure and safe room has no more than two doors. This allows two avenues of safe escape in the event of an emergency while limiting the number of access points that must be monitored.
115
115. When closed circuit television is used to record live events, this is what type of physical security control? a. Preventative b. Deterrent c. Detective d. Corrective
C: CCTV recording is a detective security control.
116
116. A double set of doors used to protect an entry into a highly secured area which is often monitored by a guard is known as? a. One way door b. Turnstile c. TEMPEST cage d. Man-trap
D: A man-trap is a double-door system used to control entry into a secured area often monitored by a guard.
117
117. If an intrusion detection and alarm system is to employ a local audible alarm, from what distance must the alarm be heard? a. 400 ft b. 100 meters c. 1 mile d. 200 yards
A: An audible alarm must be heard from at least 400 ft.
118
118. An electrical fire can be safely and properly extinguished using what class of fire extinguisher? a. Class A b. Class B c. Class C d. Class A or C
C: Only class C extinguishers are rated for electrical fires.
119
119. Which of the following is not a benefit of using guards for perimeter security? a. Reliability b. Ability to learn c. Can respond to changing conditions d. Can recognize new patterns of intrusion
A: Guards are overall unreliable because they are human: pre-screening may have failed, they could be improperly trained, they take vacations, become ill, may abuse substances, and are vulnerable to social engineering.
120
120. What fire detection system acts as an early warning mechanism? a. Sprinkler heads b. Thermal detectors c. Class C fire extinguishers d. Ionization detector
D: An ionization detector can serve as an early warning system for fire detection.
121
121. Which of the following is not a replacement for halon? a. FM-200 b. CEA-410 c. Halon 1301 d. Argon
C: Halon 1301 is just a gaseous form of halon; it is not a halon replacement.
122
122. When an FM- fire suppression system is discharged to manage a fire in a computer center, which of the following elements would be least responsible for causing physical damage to the equipment? a. Heat b. Smoke c. Combustion d. Suppression medium
D: The suppression medium of FM- will be the cause of the least amount of damage to equipment since it does not leave a residue on equipment.
123
123. Which of the following is not an element in an automatic intrusion detection and alarm system designed to monitor for facility breaches? a. Photoelectric sensors b. Dry contact switches c. Motion detectors d. CCTV
D: CCTV requires a human and therefore is not used as part of an automated intrusion detection and alarm system.