5.1 Physical Security

Question 1

What is physical security?

Answer 1

Security principals put in place to protect people, equipment and facilities.

Question 2

What are business continuity planning?

Answer 2

Plans you put in place to ensure critical business functions can continue in place of an emergency.

Question 3

What are disaster recovery plans?

Answer 3

Plans put in place to prepare for a potential disaster, including what to do during and after.

Question 4

What are the three major concerns for physical security, in order of importance?

Answer 4

People, data, equipment

Question 5

What are the three main kinds of physical security measures?

Answer 5

deterrent, detective, preventive

Question 6

What are examples of Deterrent controls?

Answer 6

Signs outside a building - being recorded, beware dogs/ These will only help keep honest people honest.

Question 7

What are examples of detective controls?

Answer 7

Burglar systems. systems that check for unauthorized activities. Includes humans and animal guards.

Question 8

What are examples of preventive controls?

Answer 8

Physical means to protect - high walls, mechanical locks, bollards.

Question 9

Why might you want to use RAID?

Answer 9

As a backup - since a RAID can store information and the infrastructure used to access it - important when data needs to be access remotely all the time incase primary system fails.

Question 10

What is physical security’s most important concern?

Answer 10

Protecting people

Question 11

What type of physical access control might you put in place to block access to a vehicle?

Answer 11

Bollards

Question 12

Can you give three examples of physical controls that work as deterrents?

Answer 12

Signs - human guard - video recording

Question 13

Can you give an example of how a living organism might constitute a threat to your equipment?

Answer 13

Small insects can chew wires causing shorts - interfere with cooling fans

Question 14

Which category of physical control might include a lock?

Answer 14

preventive

Question 15

What is residual data, and why is it a concern when protecting the security of your data?

Answer 15

data left in disposed hard drives, printers, fax machines that may have internal storage. These items need to be fully erased.

Question 16

What is your primary tool for protecting people?

Question 17

What are some physical concerns for protecting people?

Answer 17

extreme temps - water - living organisms, mold, Energy anomalies including microwaves, electrical faults by poor insulation. ** Other People are dangerouse

Question 18

During an emergency (physical) what should you prioritize?

Answer 18

Evacuating

Question 19

What are Administrative Controls?

Answer 19

Policies, procedures, and guidelines, regulations and laws.

Question 20

Examples of administrative controls?

Answer 20

Background Checks, drug tests, NDA’s (non disclosure agreements

Question 21

Whats the primary way to protect data?

Answer 21

Encrypt it

Question 22

What physical concerns are there for the following?
-Magnetic
-Flash
-Optical

Answer 22

Magnetic - jolting while in motion, magnetic fields
Flash - Crushing the chip, electrical shocks
Optical - scratching the surface, CD, temp sensitive

Question 23

What is RAID?

Answer 23

Redundant Arrays of Inexpensive Disks

Question 24

What are three physical concerns for equipment damage?

Answer 24

Extreme temps (especially heat), liquids, living organisms.

Question 25

Securing access to equipment and facilities involves implementing _____________________ both inside and outside the facility.

Answer 25

multiple layers of security measures

Question 26

*
Site selection for facilities should consider potential_______ ________and the ability to mitigate them.

Answer 26

environmental threats

Question 27

How do you avoid residual data?

Answer 27

Properly dispose of it

Question 28

Ensuring data availability involves protecting both the _____________________ of storage media and the ___________ needed to access it.

Answer 28

physical integrity; infrastructure

Question 29

The level of physical security implemented should be consistent with_______________________.

Answer 29

the value of the asset being protected.

Question 30

Identify the 3 Layers of a Defense-in-Depth Strategy

Answer 30

• Physical Controls
• Logical Controls
• Administrative Controls

Question 31

Identify the 3 Elements of Risk Management in Policies and Procedures

Answer 31

• Risk Identification *
  Risk Analysis
• Risk Mitigation

Question 32

Identify 3 Cybersecurity Concepts that Protect IT Infrastructure

Answer 32

• Firewalls
• Intrusion Detection Systems
• Multi-Factor Authentication

Question 33

Categorize Security Principles According to Asset Needing Protection
Data, Hardware, Software

Answer 33

• Data: Encryption, Backups
• Hardware: Locks, Surveillance
• Software: Patch Management

Question 34

Classify Threats and Attacks According to CIA Triad
-Interception

Answer 34

Interception: Targets confidentiality

Question 35

Classify Threats and Attacks According to CIA Triad, Interruption

Answer 35

Interruption: Targets availability

Question 36

Classify Threats and Attacks According to CIA Triad, Modification

Answer 36

Modification: Targets integrity

Question 37

Classify Threats and Attacks According to CIA Triad - Fabrication

Answer 37

• Fabrication: Targets integrity and authenticity

Question 38

Categorize Control Mechanisms
Physical
Logical
Human Error

Answer 38

• Physical Controls: Tackle physical threats
• Logical Controls: Address data threats
• Administrative Controls: Human error mitigation

Question 39

What are two advantages of flash media over traditional magnetic media?

Speed

Security

Storage

Cost

Answer 39

Speed
Cost