5.1 Physical Security Flashcards

1
Q

What is physical security?

A

Security principals put in place to protect people, equipment and facilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are business continuity planning?

A

Plans you put in place to ensure critical business functions can continue in place of an emergency.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are disaster recovery plans?

A

Plans put in place to prepare for a potential disaster, including what to do during and after.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the three major concerns for physical security, in order of importance?

A

People, data, equipment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the three main kinds of physical security measures?

A

deterrent, detective, preventive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are examples of Deterrent controls?

A

Signs outside a building - being recorded, beware dogs/ These will only help keep honest people honest.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are examples of detective controls?

A

Burglar systems. systems that check for unauthorized activities. Includes humans and animal guards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are examples of preventive controls?

A

Physical means to protect - high walls, mechanical locks, bollards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Why might you want to use RAID?

A

As a backup - since a RAID can store information and the infrastructure used to access it - important when data needs to be access remotely all the time incase primary system fails.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is physical security’s most important concern?

A

Protecting people

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What type of physical access control might you put in place to block access to a vehicle?

A

Bollards

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Can you give three examples of physical controls that work as deterrents?

A

Signs - human guard - video recording

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Can you give an example of how a living organism might constitute a threat to your equipment?

A

Small insects can chew wires causing shorts - interfere with cooling fans

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which category of physical control might include a lock?

A

preventive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is residual data, and why is it a concern when protecting the security of your data?

A

data left in disposed hard drives, printers, fax machines that may have internal storage. These items need to be fully erased.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is your primary tool for protecting people?

A
17
Q

What are some physical concerns for protecting people?

A

extreme temps - water - living organisms, mold, Energy anomalies including microwaves, electrical faults by poor insulation. ** Other People are dangerouse

18
Q

During an emergency (physical) what should you prioritize?

A

Evacuating

19
Q

What are Administrative Controls?

A

Policies, procedures, and guidelines, regulations and laws.

20
Q

Examples of administrative controls?

A

Background Checks, drug tests, NDA’s (non disclosure agreements

21
Q

Whats the primary way to protect data?

A

Encrypt it

22
Q

What physical concerns are there for the following?
-Magnetic
-Flash
-Optical

A

Magnetic - jolting while in motion, magnetic fields
Flash - Crushing the chip, electrical shocks
Optical - scratching the surface, CD, temp sensitive

23
Q

What is RAID?

A

Redundant Arrays of Inexpensive Disks

24
Q

What are three physical concerns for equipment damage?

A

Extreme temps (especially heat), liquids, living organisms.

25
Q

Securing access to equipment and facilities involves implementing _____________________ both inside and outside the facility.

A

multiple layers of security measures

26
Q

*
Site selection for facilities should consider potential_______ ________and the ability to mitigate them.

A

environmental threats

27
Q

How do you avoid residual data?

A

Properly dispose of it

28
Q

Ensuring data availability involves protecting both the _____________________ of storage media and the ___________ needed to access it.

A

physical integrity; infrastructure

29
Q

The level of physical security implemented should be consistent with_______________________.

A

the value of the asset being protected.

30
Q

Identify the 3 Layers of a Defense-in-Depth Strategy

A
  • Physical Controls
  • Logical Controls
  • Administrative Controls
31
Q

Identify the 3 Elements of Risk Management in Policies and Procedures

A
  • Risk Identification *
    Risk Analysis
  • Risk Mitigation
32
Q

Identify 3 Cybersecurity Concepts that Protect IT Infrastructure

A
  • Firewalls
  • Intrusion Detection Systems
  • Multi-Factor Authentication
33
Q

Categorize Security Principles According to Asset Needing Protection
Data, Hardware, Software

A
  • Data: Encryption, Backups
  • Hardware: Locks, Surveillance
  • Software: Patch Management
34
Q

Classify Threats and Attacks According to CIA Triad
-Interception

A

Interception: Targets confidentiality

35
Q

Classify Threats and Attacks According to CIA Triad, Interruption

A

Interruption: Targets availability

36
Q

Classify Threats and Attacks According to CIA Triad, Modification

A

Modification: Targets integrity

37
Q

Classify Threats and Attacks According to CIA Triad - Fabrication

A
  • Fabrication: Targets integrity and authenticity
38
Q

Categorize Control Mechanisms
Physical
Logical
Human Error

A
  • Physical Controls: Tackle physical threats
  • Logical Controls: Address data threats
  • Administrative Controls: Human error mitigation
39
Q

What are two advantages of flash media over traditional magnetic media?

Speed

Security

Storage

Cost

A

Speed
Cost