The 200 Flashcards

(200 cards)

1
Q

When it is necessary to question a witness about sexual deviation, all the following should be avoided except:

A. Using street language
B. Giving the impression of being avid to develop the facts
C. Leaving the impression of suspecting the subject of being a sex deviate
D. Allowing the witness to frame the testimony in his or her own words

A

D

2
Q

When designing security for an elementary school, classrooms should have a clear unobstructed view of entry roads. In CPTED, this describes:

A. Traffic calming
B. Mechanical surveillance
C. Natural surveillance
D. Natural access control

A

C

3
Q

Which of the following is not a correct statement, as a general rule, involving the protection of proprietary information?

A. As a class, employees are the largest group of persons bound to secrecy because of their status or relationship
B. By operation of common law, employees are presumed to be fiduciaries to an extent that they may not disclose secrets of their employers without authorization
C. Other than the employees, any other persons to be bound to secrecy must agree to be so bound
D. Any agreement to be bound must always be in writing and is not implied from acts

A

D

4
Q

A set of criteria, guidelines, and best practices that can be used to enhance the quality and reliability of products, services, or processes is the definition for which of the following?

A. Guideline
B. Standard
C. Regulation
D. Code

A

B

5
Q

The four (4) elements of emergency management are which of the following?

A. Planning, policies, preparedness, and response
B. Mitigation, policies, response, and recovery
C. Mitigation, preparedness, response, and recovery
D. Planning, preparedness, countermeasures, and recovery

A

B

6
Q

Unclassified material should be marked:

A. ‘Unclassified’ at the top of the page
B. ‘Unclassified’ at the bottom of the page
C. ‘Unclassified’ at the top and bottom of the page
D. With no marking

A

D

7
Q

Which concept can be used to analyze the need for security personnel in a physical protection system - for example for alarm assessment?

A. The ‘four eyes principle’ concept
B. The ‘necessary human being’ concept
C. The ‘linking pin’ concept
D. The ‘human back-up’ concept

A

B

8
Q

A successful security design recognizes technological developments and integrates which three elements?

A. Architectural aspects; security systems; and operational factors
B. Architectural aspects; personnel; and effective PPS
C. PPS; personnel and procedures
D. PPS; personnel and security awareness programs

A

A

9
Q

Adoption of ESRM propels the security program towards …

A. … lower risk levels
B. … reduced security costs
C. … a higher level of risk awareness
D. … constant improvement

A

D

10
Q

In most cultures this is the closest thing to a universal guideline or Golden Rule: to treat others the way one would want to be treated. This guiding principle works for both individuals and organizations. This best describes which of the following?

A. Business ethics
B. Government regulations
C. Corporate law
D. Civil law

A

A

11
Q

When designing objectives or goals, they must be SMART. This acronym stands for which of the following:

A. Strategic; Measurable; Attainable; Relevant; Time-bound
B. Strategic; Metric-based; Accountable; Relevant; Time-bound
C. Specific; Measurable; Accountable; Reliable; Time-bound
D. Specific; Measurable; Attainable; Relevant; Time-bound

A

D

12
Q

Identifying residual risk is MOST important to which of the following concepts?

A. Risk deterrence
B. Risk acceptance
C. Risk mitigation
D. Risk avoidance

A

B

13
Q

A protection system’s individual applications and components should be integrated and converged so that they provide an equal level of protection. This concept is known as:

A. Security in depth
B. Balanced protection
C. Convergence
D. Onion approach

A

B

14
Q

Network devices typically communicate using a worldwide internet standard for communication, also called:

A. TCP/IP
B. DNS Servers
C. WIN Servers
D. Web Proxies

A

A

15
Q

A key element in the information asset protection (IAP) risk assessment process is a thorough study of existing and projected threats. What are the categories?

A. Historical, current and future threats
B. Man-made, natural and intentional
C. Intentional, natural and inadvertent threats
D. Internal, external and government

A

C

16
Q

Which common non-probability sampling method requires recruitment of participants via other participants?

A. Stratified sampling
B. Snowball sampling
C. Cluster sampling
D. Random sampling

A

B

17
Q

This organization prepares safety standards primarily as a guide to security device manufacturers, and then certifies whether devices submitted to the laboratories for approval meet those standards. This organization is called:

A. Underwriters Laboratories (UL)
B. International Standards Association (ISO)
C. American National Standards Institute (ANSI)
D. American Society for Testing and Materials (ASTM)

A

A

18
Q

An assessment approach that is used to evaluate target attractiveness and includes criticality, accessibility, recuperability, vulnerability, effect and recoverability is BEST described as the:

A. Vulnerability assessment
B. Risk assessment
C. CARVER assessment
D. Security survey

A

C

19
Q

What is an integral component to any travel security program, and especially to executive travel?

A. An agreement with a global risk organization
B. A user-friendly mobile travel app
C. An in-house travel agency
D. A risk assessment of the travel destination

A

D

20
Q

Which of the following sensors relies on the Doppler frequency shift between the transmitted and received signal caused by a moving object within the energy field?

A. Capacitance sensors
B. Proximity sensors
C. Microwave sensors
D. Passive infrared sensors

A

C

21
Q

Which of the following statements best describes the “statement of work”?

A. Details what work should be included in the contract
B. Outlines the invitation for bids and the specification list
C. Outlines the list of specific equipment and software along with costs
D. Outlines the performance criteria and specifications

A

A

22
Q

When in the procurement stage, an invitation for bids (IFB) will list specific equipment and software and request prices from the contractors to supply the specific items and install them. This is best described as:

A. Design estimation
B. Design specification
C. Design planning
D. Design evaluation

A

B

23
Q

In the Plan-Do-Check-Act (PDCA) cycle, this is the most critical stage and calls for identifying and analyzing the organization’s problems and events that could disrupt operations and assets. This step is referred to as which part of the cycle?

A. Plan
B. Do
C. Check
D. Act

A

A

24
Q

An uncertain situation where a number of possible outcomes might occur, one or more of which is undesirable, BEST describes which of the following?

A. Risk
B. Threats
C. Loss
D. Targets

A

A

25
When should a project team, involved in selecting security countermeasures, consider supplementing the team with outside consultants?

A. When a project has a unique purpose and an explicit goal to be completed on time
B. When the skills needed are not available within the project team
C. When a project has a primary sponsor or customer who provides funding
D. When a project is temporary

B
26
In order to be legally acceptable, whatever the evidence, it must be competent, relevant, and:

A. Necessary
B. Material
C. Pertinent
D. Useful

B
27
After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. Which of the following would be MOST effective in reducing data leaks in this situation?

A. Information Security Awareness
B. Social Media and BYOD
C. Data Handling and Disposal
D. Acceptable Use of IT Systems

A
28
Which of the following best describes the following?

“This equipment is primarily used to:
- Detect activities that call for a security response
- Collect images of an incident for later review
- Assist with incident assessment”

A. CCTV surveillance
B. Video surveillance
C. Intrusion detection
D. Access control

B
29
Most of the information gleaned during the investigative process comes from:

A. Surveillance
B. Undercover
C. Interviews
D. Internet

C
30
Which of the following best describes the document that tells how much money an organization generates (revenue), how much it spends (expenses) and the difference between those figures (net income)?

A. Balance sheet
B. Income statement
C. Expense sheet
D. Cash flow statement

B
31
The main principle of tendering is that:

A. Bidders must be able to offer low prices
B. Bidders must be able to offer the best quality
C. There should be open and fair treatment of suppliers
D. Bidders must be able to offer the best value for money

C
32
Access to internal company information should be restricted. Which of the following best describes who can access sensitive information?

A. Personnel authorized by the original owner or IT Manager.
B. Company personnel who have attended an information security workshop.
C. Company personnel or others who have signed a nondisclosure agreement.
D. Access is granted based on their position or management level.

C
33
Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?

A. Enticement
B. Entrapment
C. Deceit
D. Sting

B
34
The type of glass that is often used for both safety and security purposes because it is three to five times stronger than regular glass and five times as resistant to heat is:

A. Reflective glass
B. Coated glass
C. Wired glass
D. Tempered glass

D
35
Which of the following lighting systems has the best color rendition for night lighting?

A. Mercury vapor
B. Metal halide
C. Low pressure sodium
D. High pressure sodium

B
36
When implementing ESRM, security professionals should have a comprehensive understanding of four elements regarding the context in which the organization operates: Mission and vision (1); Core values (2); Operating environment (3). What is the fourth one?

A. Risk appetite
B. Stakeholders
C. Governance
D. Mitigation

B
37
Which of the following factors, besides relative value and criticality, is considered when determining asset value?

A. Net value
B. Loss expectancy
C. Replacement value
D. Location

C
38
Under the defensible space concept, which of the following are areas created as a buffer between public and private zones and have design features for establishing definite and clear transitional boundaries?

A. Semi-private zones
B. Clear zones
C. Buffer zones
D. Controlled zones

A
39
The timing of the removal of the undercover operative is one of the most frequently debated subjects among undercover supervisors. How long should the operative be kept in place?

A. Removed as soon as possible to save costs
B. Should be kept in place as long as possible.
C. Should be removed as soon as possible when evidence is gained
D. Removed upon direction from the senior management.

B
40
Information warranting protection must be appropriately identified and marked. Various levels are used to distinguish the degree of sensitivity or the degree of protection warranted: confidential, restricted, limited, non-public, etc. Who is best suited to define the security level?

A. The Security Manager
B. The IT Manager
C. The IT Security Manager
D. The originator of the information

D
41
Which of the following is not true regarding electronic eavesdropping?

A. A listening device installed in a wire will cause a crackling sound, click, or other noise that can be heard on the line
B. An effective countermeasure to detect evidence of electronic eavesdropping in telephone equipment should be conducted by a person who is technically familiar with such equipment.
C. An effective countermeasure would be to conduct a physical search as well as an electronic search.
D. All wiring should be traced and accounted for.

A
42
Which of the following is suggested as part of evaluating an inadvertent threat?

A. Long-term data collected on weather and other natural hazards, terrains, and environments
B. Evaluate information provided by neighboring businesses for natural events which have caused losses
C. Unexpected natural events can occur, so some degree of all-hazard preparedness is evaluated
D. Utility interruptions, closure of access routes, unwanted attention, or traffic, full or partial operation shutdowns and productivity disruptions

D
43
‘Employment of services, equipment and techniques designed to locate, identify and neutralize the effectiveness of covert technical surveillance devices’ is the definition for which of the following?

A. Technical surveillance countermeasures
B. Contracted investigation services
C. Technical Security Services
D. Contracted counter-surveillance

A
44
Which insurance policy covers civil liabilities to third parties, arising from bodily injury, property damage, or other wrongs due to the action or inaction of the insured?

A. Property insurance
B. Indemnity insurance
C. Casualty insurance
D. Liability insurance

D
45
The following theory asserts that managers should avoid quick fixes. Manipulating hygiene factors may alleviate dissatisfaction but will not result in a state of satisfaction. Allowing an individual to reach a state of satisfaction requires changes in the work content itself, such as increased autonomy or responsibility. This is best described as part of which of the following theories?

A. Maslow’s Theory
B. McGregor’s Theory
C. Hertzberg’s Theory
D. Hertzberg’s Theory

C
46
In which stage of incident response does a team analyze the incident and determine steps to prevent a future occurrence?

A. Mitigation
B. Identification
C. Preparation
D. Post-event

D
47
Risk assessments are dependent upon the type of risk, purpose of the analysis, resource limitations, the information available to the assessor, and the availability of metrics. Risk may be assessed by using a suitable approach. Which type of analysis relies on probabilities and statistics using mathematical formulas and calculations to interpret numbers, data, and estimates?

A. Probabilistic analysis
B. Prospective analysis
C. Qualitative analysis
D. Quantitative analysis

D
48
The process designed to systematically identify and evaluate an organization’s assets based on the importance of its mission or function, the group of people at risk, or the significance of a disruption on the continuity of the organization.

A. Qualitative risk assessment
B. Criticality analysis
C. Risk identification
D. Loss event profile

B
49
As security manager of an industrial site, which methodology would you use in a security assessment conducted in the form of a penetration test?

A. Inside-Outward methodology
B. SWOT analysis methodology
C. Outside-Inward methodology
D. Functional (security discipline) methodology

C
50
A psychopath can often pass a polygraph test with a clean record because of the following characteristic:

A. Uncooperative attitude
B. Unstable personality
C. An inferiority complex
D. An abnormal lack of fear

D
51
Insurance coverage on an asset is considered the most common form of what type of risk management mitigation approach?

A. Risk Spreading
B. Risk Reduction
C. Risk Transfer
D. Risk Acceptance

C
52
Which of the following types of investigations is considered ‘the most common type of investigation’ in many business and organizational settings?

A. Incident
B. Misconduct
C. Compliance
D. Undercover

A
53
In incident command management, when an incident requires public safety response, who becomes the incident commander?

A. The security manager
B. The senior member of the organization’s leadership
C. The senior member of the responding agency
D. The senior member of the responding security team

C
54
As the Senior Security Executive of a multinational organization, you are considering outsourcing the security services function. What would be one of the advantages of using contract staff (employed by a security services firm) in comparison to using proprietary or in-house staff for security in your organization?

A. More direct control over security personnel
B. Greater flexibility in staffing levels (up- or downsizing).
C. Lower turnover due to a higher sense of employee loyalty to the organization
D. Guaranteed risk mitigation through the outsourcing structure

B
55
One of the following is not considered an element of the common law crime of arson:

A. Commercial building
B. Maliciousness
C. Burning
D. Willfulness

A
56
Badges are an important security tool for:

A. Layered defense
B. Identification
C. Defense in-depth
D. Security awareness building

B
57
Active intrusion sensors transmit a signal from a transmitter and, with a receiver, detect changes or reflections of that signal. When the transmitter and the receiver are separated, what type of installation would this be called?

A. Mono-static
B. Bi-static
C. Passive
D. Active

B
58
It is becoming increasingly more difficult to do a good preemployment background investigation because of:

A. The expense
B. The lack of skilled investigators
C. Various rulings and court decisions that inhibit the use of techniques or instruments available
D. The uncooperative attitudes of persons interviewed

C
59
Confidentiality of information may be protected by different techniques. These include system protections, encryption, and the AAA triad. What does the AAA triad refer to?

A. Access, Availability, Authorization
B. Authentication, Authorization, Auditing
C. Access, Authentication, Auditing
D. Authorization, Approval, Access

B
60
The tendency to search for, interpret, favor, and recall information in a way that confirms or supports one's prior beliefs or value, is known as:

A. Confirmation bias
B. Inherent bias
C. Memory bias
D. Cultural bias

A
61
These are based on the investigative goals but are more specific and may be more short-lived. They are generally measurable and can be used to gauge the progress, success, or achievement of an investigative unit. They are BEST described as:

A. Metrics
B. Objectives
C. Strategies
D. Ethics

B
62
A security team has established a security awareness program. Which of the following would BEST prove the success of the program?

A. Policies
B. Procedures
C. Metrics
D. Standards

C
63
“The process of establishing a sense of ownership, responsibility and accountability among property owners, managers or occupants to increase vigilance in identifying trespassers.” Which of the following terms BEST meets this CPTED description?

A. Target Attractiveness
B. Natural Territorial Reinforcement
C. Random Activity Theory
D. Neighborhood Watch

B
64
What does the term “noise” refer to in the context of interpersonal communication?

A. Distractions in the external environment
B. Any distortion that interrupts what is received and what is sent
C. Non-verbal communication of the sender and receiver
D. Too many team members talking simultaneously during a meeting

B
65
Which of the following is the best description of tailgating?

A. Following someone through a door they just unlocked
B. Figuring out how to unlock a secured area
C. Sitting close to someone in a meeting
D. Stealing information from someone's desk

A
66
This defines why the business exists, is essential for developing organization-specific management practices and how it will maintain itself as a profitable, viable entity not only in the moment but also three to five years out. This is called a:

A. Organizational strategy
B. PEST plan
C. STEP strategy
D. SWOT plan

A
67
To effectively involve the law for the protection of sensitive information, the owner of the proprietary information must be able to show ‘objective indications of attempts to protect secrecy’. Which of the following has not been recognized in the past as such an indication?

A. Use of warning signs to alert employees to sensitive data and the places it is stored
B. Separately storing sensitive information in security containers with the appropriate security precautions
C. Employing a system with cyclical redundancy checks
D. Restrictions to nonemployee access to places containing sensitive information

C
68
What type of material would be better for a storefront in terms of resistance to breakage and resistance to overall deterioration?

A. Laminated glass
B. Wired glass
C. Bullet-resistant glass
D. Acrylic material

C
69
If the total assets on an organization’s balance sheet equals € 5 million and the equity € 3 million, what will the total value of liabilities be?

A. € 5 million
B. € 8 million
C. € 2 million
D. € 3 million

C
70
Which statement BEST describes “non-verbal” responses?

A. Both spoken words and gestures that serve as word substitutes, such as nodding the head to indicate yes.
B. Voice characteristics such as tone, pitch, speed and clarity.
C. Body movements, position changes, gestures, facial expressions and eye contact.
D. Voice characteristics and body movements that indicate deception.

C
71
These diagrams show complete security subsystems, including all the devices and how they are connected in a building or campus. They are called:

A. Details diagrams
B. Plan drawings
C. Elevation drawings
D. Riser diagrams

D
72
Which of the following is not correct regarding benzodiazepine?

A. This family of depressants is used to relieve anxiety and tension.
B. This depressant causes muscle spasms and convulsions.
C. This depressant is safer to use than other depressants.
D. Excessive use may result in physical and psychological dependence

B
73
A sentry dog normally does not perform as well at:

A. Radar sites
B. Warehouses
C. Gasoline storage areas
D. Ammunition storage areas

C
74
When an adversary defeats an access control point (for example the main entrance) to avoid detection, this is best described as:

A. Attack by deceit
B. Technical attack
C. Direct physical attack
D. Indirect physical attack

C
75
Physical security protection in this layer of security measures includes protective lighting, intrusion detection systems, locks, signs, barriers such as fencing, and the building walls itself. Protection of building exterior openings is important. This best describes the ______ layer of protection.

A. Outer
B. Middle
C. Inner
D. Perimeter

B
76
Who is best suited to conduct a preliminary search for suspicious packages in the event of a bomb threat?

A. People who work in that area
B. The responding fire department
C. The responding police
D. Responding security officers

A
77
Information systems countermeasures are divided into three broad classifications. ‘Management policies, standards, procedures, guidelines, personnel screening and awareness training’ fall into which category of controls?

A. Administrative controls
B. Technical controls
C. Physical controls
D. Infrastructure controls

A
78
‘This statement includes the specific details that all involved parties can understand what needs to be done, highlighting specific goals the organization wants units to achieve’. This best describes:

A. Mission Statements
B. Vision Statements
C. Strategic Plans
D. Organizational Objectives

D
79
What refers to any means one uses to control the flow of access to an area and has the objective to deter or delay the intruder?

A. Access control
B. Gates
C. Fences
D. Barriers

D
80
Consider the following scenario: The asset value of your company's primary servers is € 2 million, and they are housed in a single office building in Arizona. You have field offices scattered throughout the world, so these servers in the main office account for approximately half the business. Tornados in this part of the world are not uncommon, and it is estimated one will level the building every 60 years. Only considering asset value, which of the following would be the single loss expectancy (SLE) for this scenario?

A. € 2 million
B. € 1 million
C. € 500.000
D. € 33.333

A
81
Which of the following terms best meets this description? ‘This process corrects faults and returns the system to operation after a hardware or software component fails’.

A. Remedial maintenance
B. Preventive maintenance
C. Emergency maintenance
D. Commissioned maintenance

A
82
Which of the following best meets this description? ‘The mixture of people, systems and techniques required to carry the project to successful completion’.

A. Project analysis
B. Project integration
C. Project management
D. Project alignment

C
83
The following theory asserts that a person’s behavior is driven by basic needs at different levels and is still widely recommended to analyze individual employee motivation. It is referred to as which of the following?

A. Maslow’s Theory
B. McGregor’s Theory
C. Hertzberg’s Theory
D. Motivation-Hygiene Theory

A
84
Which of the following statements is TRUE concerning employee dishonesty?

A. Most employees who steal from their employers consider themselves dishonest.
B. Employees involved in theft have usually been involved in other prior misconduct at the company.
C. Most employees would steal from their employer if given the opportunity.
D. Employers have no control over factors that contribute toward employee theft and fraud.

B
85
A company is interested in purchasing property overseas. They decide to conduct an investigation to evaluate the current property owners, the location, finances and operations of the target property. Which of the following statements BEST describes this type of investigation?

A. Compliance
B. Financial
C. Background
D. Due diligence

D
86
Generally speaking, a felony is defined as:

A. A crime in which there is a clear victim
B. Any crime that can carry a jail term and a fine
C. Any crime that can be punishable by a period of imprisonment of greater than 1 year
D. Any crime involving an injury to persons or theft of something valuable

C
87
Which of the following is another name for social engineering?

A. Social disguise
B. Social hacking
C. Wetware
D. Wetfire

C
88
This is a nongovernmental organization bringing together stakeholders from the public, private, and not-for-profit sectors. It serves as a central point where standards bodies from around the world – and the organizations that participate in them – can gather to develop standards jointly. It is called:

A. ASIS International
B. American National Standards Institute
C. International Standards Organization
D. National Fire Prevention Association

C
89
In the eyes of the court, an expert is a person skilled by means of:

A. Skill, experience, and personal knowledge
B. Training, skill, and experience
C. Education, training, and skill
D. Education, training, and experience

D
90
What is the purpose of the Red Flags Rule which regulates financial institutions?

A. Early detection and prevention of identity theft
B. Early detection and prevention of insider threat
C. Early detection and prevention of deception
D. Early detection and prevention of money laundering

A
91
The lock that is mostly used for cabinets, lockers, and safe deposit boxes is:

A. The wafer lock
B. The disc-tumbler lock
C. The pin-tumbler lock
D. The lever lock

D
92
What should be the first step in formulating a physical barrier plan?

A. Establishing the budget
B. Do an environmental scan
C. Performing a risk assessment
D. Identifying the assets to be protected

D
93
What are the most cost-effective barriers to be applied in a physical security approach?

A. Barriers made from recycled materials
B. Those that already exist as part of the site
C. Any natural barrier
D. Barriers with low installation costs

B
94
Which of the following statements concerning interviewing and deception is TRUE?

A. A single word or behavior characteristic automatically means a person is lying or telling the truth.
B. The assessment of a subject’s truthfulness is based on a single behavior pattern.
C. Some behavioral characteristics that suggest deception may also be displayed by a truthful subject.
D. Deceptive persons answer questions in a direct, straightforward, spontaneous, and sincere manner.

C
95
Which of the following is a plan that helps maintain the continuity of essential operations/functions during potential emergency scenarios?

A. ERM
B. BCP
C. RFP
D. COOP

D
96
Which of the following is a term given by criminologists to crime prevention strategies that attempt to reduce criminal opportunities, which arise from the routines of daily life?

A. Routine crime prevention
B. Environmental crime prevention
C. Situational crime prevention
D. Community crime prevention

C
97
The act or process of appraising or checking an applicant or information for suitability, accuracy, and/or validity, is known as:

A. Background vetting
B. Background screening
C. Performance appraisal
D. Background investigation

A
98
The primary information security control types that can be implemented are:

A. Supervisory, subordinate, and peer
B. Personal, procedural, and legal
C. Operational, technical, and management
D. Mandatory, discretionary, and permanent

C
99
Undesirable activity thrives in spaces that residents and management fail to claim and therefore mainly remain abandoned. A crime hotspot might be eliminated if police or security establish a presence there or residents, employees or the public occupy the space, providing what is known in CPTED as:

A. Legitimate activity support
B. Management and maintenance support
C. Natural measures
D. Mechanical measures

A
100
Where would a sound detector typically be used?

A. In an airport building
B. In a datacenter
C. In a vault
D. In a control room

C
101
These need not be registered with any outside agency, so the owner can maintain a greater degree of control over the asset. The owner must be able to prove that the information added value or benefit to the owner, was specifically identified, and the owner provided a reasonable level of protection. This is called which of the following:

A. Patent
B. Copyright
C. Trade Secret
D. Trademark

C
102
Which of the following statements concerning security industry standards is not true?

A. Standards address a product, service or process.
B. Standards are mandatory and require compliance.
C. Regulation may require compliance with a standard.
D. Customers more easily judge product quality if it conforms with standards.

A
103
What should the company be prepared to use should its selection of qualified contractors be challenged?

A. The entire request for proposal (RFP)
B. Written selection criteria and results documentations
C. The (draft) agreement and terms & conditions
D. The references of the selected contractor

B
104
Piers and docks located on an installation should be safeguarded by illuminating both water approaches and the pier area. Decks on open piers should be illuminated to at least:

A. 0.5 foot-candle
B. 1.0 foot-candle
C. 1.5 foot-candles
D. 2.0 foot-candles

B
105
Which regulation contains provisions and requirements related to the processing of personal data of individuals who reside in the EEA? GDPR  HIPAA SOX IFRS
A
106
Which of the following definitions BEST describes a hazard? Possible source of danger or conditions (physical or operational) that have a capacity to produce a particular type of adverse effect.  Possible risk (physical or operational) that can cause a workplace accident. Possible source of danger (adversary) that can produce an adverse effect. Confirmed source of danger (adversary) that can produce an adverse effect.
A
107
When dealing with an active assailant incident, when is the activation of an incident command center the most effective? Before the incident happens Only after the emergency services arrive Early in an incident  When the media arrives
C
108
Which of the following measures best meets this description? "These are made of reinforced fabrics providing protection from flying glass and materials in an explosion." Window film Window bars Tempered glass Blast curtains
D
109
Watery eyes, runny nose, yawning, loss of appetite, irritability, tremors, panic, chills and sweating, cramps, and nausea would indicate withdrawal symptoms of: Barbiturates Stimulants Heroin Cocaine
C
110
There are various ways to organize supervision. One such principle states that workers should report to only one ‘boss’. Which principle is violated in matrix organizations? Chain of command Span of control  Unity of command  Incident command
C
111
In addition to the five (5) functions of management, managers should be guided by two (2) other principles, which are: ‘Continuous improvement’ and ‘Customer service’ ‘Quality’ and ‘Who is the customer?’ ‘Continuous improvement’ and ‘Performance metrics’ ‘Quality’ and ‘Performance metrics’
B
112
This process requires consideration of the threat type, tactics and mode of operations, capabilities, threat level and likelihood of occurrence. The definition can be modified to include all sites, not only utilities. Threats come from malevolent humans, not accidental (safety-related) events. This process is BEST defined as which of the following? A. Design Basis Threats  B. Loss Event Profiles C. Adversarial Sequence Diagrams D. Threat Risk Assessment 
A
113
Explanations of why people steal have historically referred to the theft triangle, which consists of which of the following motivations? Desire, Need and Opportunity Desire, Motive and Opportunity  Want, Need and Motive Want, Need and Lack of Controls
B
114
Which theory suggests that an abandoned building or car can remain unmolested indefinitely, but once the first window is broken, the building or car is quickly vandalized? Broken windows theory  CPTED Situational crime Window and car approach
A
115
Which of the following statements is true with regard to a felony? A. A felony is seldom punishable by imprisonment B. The maximum punishment for a felony is usually not more than 1-year imprisonment C. A felony is punishable by death or imprisonment  D. The maximum punishment for a felony is usually a monetary fine or incarceration in a local jail
C
116
In your company’s new fulfillment center, concrete planters with steel bars will be used as vehicle barriers. Which K-rating would you require to stop a 6,804 kg / 15,000 lb. vehicle travelling at 80 kph / 50 mph? K4 K8 K12 K24
C
117
All the following are considered either unethical or dishonest behavior while involved in an investigation, except: Compromising sensitive investigative information Lying during judicial or administrative proceedings Making friends with a witness  Improperly handling evidence
C
118
Separation of duties helps prevent an individual from embezzling money from a company. To successfully embezzle funds, an individual would need to recruit others to commit an act of …… (an agreement between two or more parties established for the purpose of committing deception or fraud). Misappropriation Misuse Collusion  Fraud 
C
119
Mental disorders may be determined by various symptoms. Which of the following is not such a symptom? Sudden changes in behavior  Behavior that is not harmonious with a situation Unduly prolonged depression Solicitous behavior 
D
120
Which light sources have assumed the major market share of exterior lighting? LED  Incandescent Fluorescent Metal Halide
A
121
The process of assessing security-related risks from internal and external threats to an entity, its assets and personnel, is called a: Vulnerability Assessment Risk Assessment Security Survey Loss Event Profile
B
122
Situational ethics can be defined as: Knowing the difference between what is the right thing to do, and what you have the right to do What is occurring at any given point determines what actions are effective, appropriate, and ethical  Company policies aimed at specific situations  The ‘Golden Rule’
B
123
What type of evidence is considered among the least accurate forms of investigative information? Direct physical evidence Documented physical evidence Eyewitness evidence  Corroborated statements
C
124
CPTED measures which employ good space planning to reduce inhabitant conflicts by considering compatible circulation patterns, including a well-defined building entrance and arranging courtyards, patios and porches for unobstructed lines of sight, describe which of the following? A. Mechanical Measures B. Organizational Measures C. Human Measures D. Natural Measures 
D
125
Implementing target hardening such as security gates, improving training for security officers, additional video observation CCTV, or barriers would be part of which risk mitigation strategy? Risk Transfer Risk Avoidance Risk Acceptance Risk Reduction
D
126
In an armed workplace violence incident, the program assumes that an effective response by properly trained personnel will occur if the perpetrator is not diverted. This means that one of the best-planned responses should be which of the following? The quickest responding security force, closest to the incident. Company security personnel from all posts respond to the scene as soon as possible Assigned supervisors who are trained to deal with conflict. Response by correctly trained, armed personnel who will handle the situation. 
D
127
A joint effort where the local police service’s crime prevention programs bring together local law enforcement and various local security organizations from industry and businesses to focus on specific high-profile crime issues. Such collaboration conserves valuable resources, encourages information sharing, eliminates duplication of effort, and effectively reduces crime. This type of effort is BEST described as a: Force multiplier  Crime prevention Mutual aid Cooperative policing
A
128
ESRM is a strategic approach to security management that ties an organization’s security practice to its overall strategy using globally accepted, established risk management principles. When following the ESRM strategic approach, who has the responsibility for final security decisions? The Chief Security Officer The Chief Executive Officer The asset owner  The departmental head
C
129
Which of the following is an advantage of trade secrets as compared to other legal protections for intellectual property? They do not have to be classified since they are already secret They do not have to be “registered” or shared with any outside agency  They do not have to be renewed after the expiry date They do not have to be included on the balance sheet
B
130
Which of the following policy statements should address who is responsible for ensuring that it is enforced? Scope Accountability  Overview Exception
B
131
Which of the following characteristics relate to the psychological stress analyzer? A physical connection with the body is required The subject is required to answer in a terse "yes" or "no" format It can be used covertly  It has no value as a “truth tester”
C
132
Threats can be characterized by the formula: Threat = Capability x Intent  Threat = Frequency x Probability  Threat = Impact x Criticality Threat = Risk x Impact
A
133
A device used to detect deception through stress recorded by voice modulations is also known as a: Polygraph Lie detector Psychological stress analyzer  Truth serum
C
134
A magnetically operated switch using a balanced magnetic field, designed to detect the opening of a secured door, window, or other point of entry. In addition, it detects attempts to defeat the switch by substituting a magnetic field and may have provisions for internal adjustments and detection of switch tampering attempts. This best describes which of the following? Microwave detection devices Passive Infrared detection devices Position detection devices  Vibration detection devices
C
135
What type of post-implementation test is used to test a complex system that is broken down in separately tested segments? Partial system test Preliminary test Subsystem test  Limited scope test 
D
136
Which of the following BEST describes “Unity of Command”? Dictates that an individual is accountable for more than one (1) employee.  Dictates that an individual report to only one (1) supervisor.  States how many persons a supervisor may effectively supervise. States the number of security personnel required to function when guided by incident management situations.
B
137
The person under a duty to safeguard a proprietary secret is known as a(n): Agent Proprietary security employee Fiduciary  Business associate
C
138
What is ‘interoperability’? The ability of private security and the public sector to work together. The ability for the emergency responders to work seamlessly with proprietary security forces. The ability for security forces to communicate with internal departments in an emergency. The ability for different jurisdictions and responding agencies to communicate with each other wirelessly. 
D
139
Which of the following statements is correct? Risk assessment of the organization’s information systems needs only to be performed once. Organizations are recommended to only perform quantitative risk assessments. Risk assessments should identify risks, quantify them, and prioritize them according to the organization’s criteria for risk acceptance. Organizations are recommended to only perform qualitative risk assessments.
C
140
What is the purpose of a business impact analysis (BIA)? A. To assess and prioritize events that interrupt planned business activities, operations, or functions  B. To assess and evaluate the effects of uncertainty on achieving an organization’s business objectives C. To assess and prioritize the impact on the core-business and the financial consequences of a disruption D. To assess and prioritize organizational activities and the resources required to deliver products and services
D
141
Emergency management consists of four elements. One of these encompasses activities providing a critical foundation in the effort to reduce loss of life and property from natural and man-made disasters by avoiding or lessening the impact of a disaster and providing value to the public by creating safer communities. It seeks to fix the cycle of disaster damage, reconstruction, and repeated damage. Which element is this? A. Preparedness B. Response C. Mitigation  D. Recovery 
C
142
Which of the following is being tested when a company's payroll server is powered off for eight hours? Succession plan Business impact document Continuity of operations plan  Risk assessment plan
C
143
SWOT is often used as an assessment tool for developing an organizational strategy. What does the acronym SWOT stand for? Strategy, Weaknesses, Opportunities, Threats Strategy, Weaknesses, Operations, Threats Strengths, Weaknesses, Opportunities, Threats  Strengths, Weaknesses, Operations, Threats
C
144
A flaw or weakness in an information system’s design, implementation, or operations and management, including policies, procedures, processes, and internal controls that could be exploited to violate the system’s security policy, is known as an: A. Information systems vulnerability  B. Information systems threat C. Information systems risk D. Information systems failure
A
145
According to the Routine Activity Theory, crime is often the result of a triangle composed of three components. The likelihood of a target becoming a victim depends upon a combination of factors. Which of the following is not an element of this theory? Rationalization Offender The lack of a capable guardian Victim
A
146
Which of the following is not a sub-category of civil law? A. Tort law  B. Property law C. Domestic law  D. Contract law
C
147
The investigative report should enable the reader to understand what the investigator did, why it was done, and what resulted. As such, an investigative report should be clear and: Comparative and concise Concise and compassionate Concise and complete  Cogent and complete
C
148
What is a barrier’s effectiveness dependent on? A. Effectiveness of response force B. The type of material C. The environmental conditions D. How much time the barrier can delay an adversary
D
149
Which of the following terms refers to the process of establishing a standard for security? A. Baselining  B. Security evaluation C. Target hardening D. Security by design 
A
150
An approach to reducing crime or security incidents through the strategic design of the built environment typically employing organizational, mechanical, and natural crime prevention methods to control access. A. Security by design B. Balanced security C. CPTED  D. Security in depth
C
151
A collaborative approach to decision-making and a single incident command post, with the agencies involved in the incident participating in the process through direct representation or through the ICS liaison officer, as appropriate, is referred to as: A. Incident command B. Unified command  C. Command structure D. Emergency coordination
B
152
Electronic data and material can begin to deteriorate at: A. 100°F B. 150°F  C. 200°F D. 300°F
B
153
A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of which of the following? A. Dual-factor authentication  B. Multifactor authentication C. Single factor authentication  D. Biometric authentication
C
154
In a bomb threat assessment, the threat evaluation team (TET) is an important asset. Which of the following statements is correct? A. A large team is better than a smaller team. B. The TET can manage several different sites. C. The team’s final decisions are made by several members. D. A record keeper is an important part of the team. 
D
155
Which of the following is not one of the six steps in performance-based analysis? A. Create an adversary sequence diagram  B. Conduct a path analysis C. Perform a cost benefit analysis  D. Perform a scenario analysis
C
156
Which type of bond provides protection against failure to live up to the contractual obligations? A. Fidelity bond B. Surety bond  C. Contract bond D. Promissory bond
B
157
The theory that the human organism is motivated by an ascending series of needs and that once the lower needs have been satisfied, they will be supplanted by the higher needs as motives for behavior is known as: A. Maslow’s hierarchy of prepotency  B. McGregor’s theory X C. McGregor’s theory Y D. Herzberg’s two factor theory
A
158
Three financial reports or statements have become accepted as a standard that makes it possible to paint a clear picture of a company’s current and prospective financial health. They are: A. The income statement, profit and loss and cash flow statements B. The income statement, balance sheet and cash flow statements C. The balance sheet, profit ratio and cash flow statements D. The income sheet, profit ratio and cash flow statements
B
159
The most common lie used by deceptive individuals is: A. The lie of omission  B. The exaggeration C. The fabrication D. The minimization
A
160
Which risk ratio best expresses the organization’s ability to cover short-term obligations? A. Return on investment B. Current ratio  C. Gross margin D. Cashflow
B
161
The type of sensor that is not influenced by exterior noise, reacts only to movement within a protected area, and can also be adjusted to the movement of air caused by a fire to activate the alarm is known as a(n): A. Proximity sensor B. Radar sensor C. Vibration sensor D. Ultrasonic sensor 
D
162
For access control purposes, it is helpful to divide a high-rise structure into three classes or types of interior spaces. Which of the following best describes these? A. Public spaces, semi-private spaces, private spaces  B. Common areas, assigned occupancies, maintenance spaces  C. Internal spaces, rented spaces, external spaces D. High security, low security, medium security
B
163
Which of the following is a contractual obligation imposed by law for preventing unjust enrichment? A. Act of God B. Aleatory contract C. Quasi contract  D. Express contract
C
164
An employer may not question an applicant about: A. An unsatisfactory interview B. Unexplained gaps in employment history C. An arrest for a crime against property  D. A conviction for a crime against property 
C
165
The Equal Pay Act disallows paying wages based on: A. Age  B. Race C. Gender  D. All of the above
C
166
Some managers believe they have the knowledge, skill, ability, and time to write every lesson plan and deliver every class. According to Hertig, this belief can evolve into the …. A. Overtraining syndrome B. Teacher syndrome C. Frog syndrome  D. Floating theory
C
167
Argyris theorized that traditional organizational principles, structures and procedures are incompatible with the mental health of employees. According to his Theory of Adult Personality, there are several things a manager could do to correct this mismatch. Which of the following is NOT one of those? A. Simplifying procedures B. Increasing task variety C. Increasing task responsibility D. Using participative decision-making
A
168
What are the two major components in most mechanical locks? A. The bolt & the key B. The cylinder & the tumbler array  C. The coded mechanism & the fastening device  D. The deadbolt & the latch
C
169
Which of the following applies to the laser as a means of communication? A. The benefit is that no line-of-sight transmission is necessary B. Poor weather conditions will not interfere with the beam C. It is practically impossible to intercept the beam without detection  D. It works well in mountain areas where other signals are weak
C
170
Which of the following statements best describes the way an untruthful person acts during an interview or interrogation? A. They are typically relaxed and confident, no stress. B. They are typically showing anxiety through verbal and nonverbal behaviors.  C. They are typically very skilled at deceit and disguising clues through verbal and nonverbal behaviors. D. They are typically stressed and will not reveal anxiety through verbal and nonverbal behaviors.
B
171
To conserve valuable resources, encourage information sharing, eliminate duplication of effort, and effectively reduce crime, it is customary for the local police service’s crime prevention programs to bring together local law enforcement and various local security organizations from industry and businesses to focus on specific high-profile crime issues. This type of joint effort is best described as: A. A force multiplier  B. Crime prevention  C. Mutual aid D. Cooperative policing
A
172
Which of the following does not apply to synthetic narcotics? A. Two of the most widely available synthetic narcotics are meperidine and methadone B. Synthetic narcotics are natural substances that are enhanced within a laboratory  C. Meperidine can be administered by injection or taken orally D. Large doses can result in convulsions
B
173
Which of the following processes places emphasis on evaluating vulnerabilities? A. Risk Assessment  B. Security Survey  C. Loss Event Likelihood Profile D. Loss Event Impact Profile
B
174
A process where algorithms are used to scramble the information on a computer so that it is unusable, unless the changes are reversed, is called: A. Firewall B. Virus protection C. VPN protection D. Encryption
D
175
The responsibility of a person or organization to take all reasonable measures necessary to prevent activities that could result in harm to other individuals and/or their company, is known as: A. Due diligence  B. Security by design C. Due care  D. CPTED
C
176
Which of the following may be used to list all the potential threats? A. Event probability matrix B. Event sheets C. Event profiles  D. Tabletop exercise 
C
177
Ann, an employee, is cleaning out her desk and disposes of paperwork containing confidential customer information in a recycle bin without shredding it first. This is MOST likely to increase the risk of loss from which of the following attacks? A. Shoulder surfing B. Dumpster diving  C. Tailgating D. Spoofing
B
178
Which type of camera has a static position and is always aimed at the desired field of view? A. PTZ (Pan Tilt Zoom) B. Fixed  C. Infrared D. IP (Internet Protocol)
B
179
Security professionals can most effectively convince management of the need for security by quantifying and prioritizing the loss potential with presenting which of the following? A. A strategic plan that applies to the entire organization  B. A strategic plan that applies to the security organization C. A cost-benefit analysis and return-on-investment assessment D. A cost-benefit analysis with business unit endorsement
A
180
A financial strategy is management’s financial approach to determining the expected returns of its investments (including its departments and operations) and estimating and managing the relevant risks. What is the first step in establishing a financial strategy? A. Identifying expected margins or profit  B. Setting cost savings targets C. Identifying possible investors D. Opening a bank account
A
181
What should be considered/assessed as one of the first steps before developing the security plan for an organization? A. Staffing B. Budget C. Culture of the organization  D. History
C
182
A company is interested in purchasing property overseas. They decide to investigate to evaluate the current property owners, the location, finances, and operations of the target property. Which of the following best describes this type of investigation? A. Compliance B. Financial C. Background D. Due diligence
D
183
The three (3) primary functions of a Physical Protection System (PPS) are: A. Detect, delay and response  B. Deter, detect and response  C. Deter, delay and response D. Detect, deter and response
A
184
According to most international legal requirements, these are not required to be registered to be protected. Nevertheless, a person can formalize ownership through government registration, which may help in any later enforcement actions. This applies to which of the following? A. Patents B. Copyrights  C. Trade Secrets D. Trademark
B
185
________ is a statistical technique often using machine learning or data mining to predict and forecast likely future outcomes with the aid of historical and existing data. It works by analyzing current and historical data and projecting what it learns on a model generated to forecast likely outcomes. A. Predictive modeling  B. Artificial Intelligence C. Qualitative analysis D. Standard deviation
A
186
Which of the following is not true in regard to establishing and identifying personnel to control movement? A. The identification card should be designed as simply as possible B. Detailed instructions should be disseminated as to where, when, and how badges should be worn C. The identification card or badge should be designed in a relatively complicated manner to avoid duplication  D. Procedures should be designed to show employees what to do when an identification card or badge is lost
C
187
Which light sources can be categorized in the high-intensity discharge (HID) family of lamps? A. Incandescent, Fluorescent, and Induction B. Metal halide, Mercury vapor, and High-pressure sodium  C. LED, Low-pressure sodium, and Halogen  D. Quartz halogen, Mercury vapor, and Low-pressure sodium
B
188
‘A specific description of where the business will be in the long-term, that conveys a general understanding of the business, its culture and its future goals’. This concept is best referred to as: A. A Mission Statement B. A Vision Statement  C. A Strategic Plan D. An Organizational Strategy
B
189
The rule that states that approximately one in ten applications will have major omissions, which will require going back to the applicant, is called: A. The rule of 10  B. The rule of 9 C. The 1-10 rule  D. Sullivan’s rule
A
190
Which three zones are most commonly distinguished for PA (public address system) purposes in high rise buildings? A. Covered parking areas, maintenance areas, and rented areas B. Public access areas, secured zones areas, and rented areas  C. Parking areas, hospitality areas, and rented areas D. Public access areas, maintenance areas, and rented areas 
B
191
Snowball sampling is an example of _____? A. Probability sampling B. Non-probability sampling  C. Random sampling  D. Systematic sampling
B
192
‘A thorough physical examination of a facility and its systems and procedures, conducted to assess the current level of security, locate deficiencies, and gauge the level of protection needed’ is the definition for which of the following? A. Risk Analysis B. Vulnerability Analysis C. Security Survey  D. Loss Event Survey
C
193
Which term best describes the financial commitments of a company? A. Equity B. Assets C. Losses D. Liabilities 
D
194
This margin gives insight into the efficiency of manufacturing a product / rendering a service: A. Net profit B. Operating profit C. Current ratio D. Gross profit
D
195
‘This means that no matter how an adversary attempts to accomplish the goal, effective elements of the PPS will be encountered’. This is best referred to as which of the following? A. Conceptual design criteria B. Performance based design C. Balanced protection  D. Design criteria
C
196
What does PE represent in the following formula: PE = PI x PN? A. PPS effectiveness  B. Probability of interruption C. Probability of neutralization D. Probability of event
A
197
The “integration” of traditional physical security functions and information systems & IT security functions is known as: A. Security Organization Integration B. Security Management Systems  C. IT and Security Merger D. IT and Security Convergence
D
198
Business ______ refers to the absorptive and adaptive capacity of an organization in a complex and changing environment. A. contingency B. continuity C. resilience  D. convergence
C
199
‘Non-deliberate adverse actions and events, such as hazardous material spills and telecommunications and computer outages’ are considered which of the following? A. Natural threats B. Human threats C. Accidental threats  D. Organizational threats
C
200
Threat assessment within the Executive Protection community often takes on two definitions. The first is threat assessment associated with proximity to criminal elements such as terrorists, random crimes, etc. The second is applied to persons or groups of concern that have been identified by the protective intelligence function. What is the form of this second type of threat assessment? A. Behavior-based  B. Qualitative C. Interview D. Digital
A