9 - Physical (Environmental) Security Flashcards
- If an intruder is able to circumvent physical access security and is able to take over control of internal systems, what principle of security is violated? a. Availability b. Integrity c. Accountability d. Privacy
B: Loss of control over a system is a violation of integrity.
- Which of the following is not a threat to physical security? a. Sabotage b. Toxic material release c. Brute force password attacks d. Electromagnetic pulse
C: A brute force password attack is a violation of technical or logical security.
- Which of the following is not considered a form of physical access control? a. Fencing b. Dogs c. Lighting d. CCTV
D: CCTV is considered a technical or logical access control.
- Which of the following is an example of a physical security administrative control? a. Facility construction b. fencing c. man traps d. security guards
A: Facility construction is an example of a physical security administrative control.
- Which of the following is not an example of a physical security technical control? a. access controls b. personnel controls c. intrusion detection d. HVAC management
B: Personnel controls are an example of a physical security administrative control.
- Which of the following is an example of a physical security technical control? a. lighting b. facility construction materials c. fire detection and suppression d. facility selection
C: Fire detection and suppression is an example of physical security technical control.
- Physical security is maintained through three types of controls. Which of the following is not one of these? a. Defensive b. Physical c. Technical d. Administrative
A: Defensive is not a type of physical security control.
- The study of the facility infrastructure to determine what elements are essential to the support of physical security is known as? a. Risk analysis b. Critical path analysis c. Delphi technique d. Collusion inspection
B: Critical path analysis is the study of the facility infrastructure to determine what elements are essential to the support of physical security.
- Which of the following is not a physical security administrative control? a. Site construction b. Personnel training c. Intrusion detection systems d. Emergency response procedures
C: Intrusion detection systems are a physical security technical control.
- When evaluating the security of a new facility or site, which of the following is the least important? a. cost b. location c. fire rating d. local emergency services
A: Cost is the least important aspect when evaluating the security of a new facility or site.
- Which of the following is the least important aspect of a secured server room? a. fire suppression system b. human compatibility c. temperature control system d. efficient use of space (such as stacking machines)
B: Human compatibility is the least important aspect of a secured server room. In fact, server rooms are often very incompatible for humans.
- When evaluating, selecting, and deploying physical security access controls, what is always the most important? a. cost b. ease of maintenance c. protection of human safety d. reliability
C: Protection of human safety is always the most important aspect of any security control.
- Which of the following is not a physical security physical control? a. Fencing b. Lighting c. Data backups d. Man traps
C: Data backups are a physical security technical control.
- Which of the following is the least important aspect to consider when selecting a physical location for a highly secured facility? a. Local crime rate b. Access roads c. Surrounding terrain d. Proximity to airport flight path
D: The proximity to an airport flight path is the least important consideration from this list. In most cases, except for top-secret military facilities, being in a flight path is inconsequential.
- When constructing a new building for a secure site, which of the following is the least important issue to consider in regards to security? a. The combustibility of the walls and ceiling b. Whether windows can be opened c. The type of fire suppression system d. The size of the facility
D: The size of the facility is the least important security factor to consider.
- Which of the following is not an example of a physical security physical control? a. guard dogs b. man traps c. fencing d. data backups
D: Data backups are an example of a physical security technical control.
- Which of the following is an example of a physical security physical control? a. security guards b. CCTV monitoring c. Power supply management d. intrusion detection
A: Security guards are an example of a physical security physical control.
- Which of the following is the least important aspect to consider when selecting a security facility location? a. surrounding terrain b. cost c. access to emergency services d. proximity to residential areas
B: Cost is the least important aspect when considering a location for a secure facility (from this list of options).
- When should hardware be replaced to maintain availability? a. At the mean time to repair b. Every two years c. When capacity reaches 65% utilization d. Before the mean time between failures
D: Hardware should be replaced before it reaches its age of mean time between failures.
- Which of the following is not an example of a physical security administrative control? a. training b. facility management c. emergency response procedures d. alarms
D: Alarms are examples of physical security technical controls.
- Which of the following is not a benefit of a human incompatible server/computer room? a. An emergency shelter b. Improved fire suppression c. Lower temperature settings d. Efficient use of space
A: A human incompatible server room cannot serve as an emergency shelter; this is a disadvantage.
- When physical security is violated and damage occurs to the computer hardware itself, this is a violation of what principle of security? a. Availability b. Confidentiality c. Accountability d. Integrity
A: Physical damage is a violation of availability.
- Which of the following is the least important aspect to consider when selecting a security facility location? a. access to means of transportation b. frequency of earthquakes c. size d. direction of door openings
C: Size is the least important aspect when considering a location for a secure facility (from this list of options).
- Which of the following is the least important aspect to consider when designing the interior of a security facility? a. load rating b. fire resistance c. accessibility d. consistency in decorating scheme
D: Consistency in decorating scheme, such as the color and texture, is the least important aspect of a facility’s interior when designing security.
- Which of the following is not an important physical security factor when considering the security of windows? a. UV reflection or blocking b. translucency vs. opaqueness c. shatterproof d. placement
A: UV reflection or blocking is the least important factor in regards to security when considering windows.
- Which of the following is a direct threat to maintaining the integrity of hosted data? a. unauthorized disclosure b. termination of power to the supporting systems c. no input validation d. loss of physical access control of a system
C: No input validation is a threat to maintaining the integrity of hosted data.
- Which of the following represents a threat to confidentiality, integrity, and availability? a. theft of a notebook b. physical destruction of access terminals c. unauthorized disclosure d. termination of power to the supporting systems
A: Theft of a laptop represents a threat to confidentiality, integrity, and availability.
- Which of the following is not considered a physical security emergency? a. toxic material release b. intrusion attempts through communication links c. facility fire d. flooding
B: Intrusion attempts through communication links are a technical or logical security emergency, not physical.
- Which of the following is not an important physical security factor when considering the security of flooring? a. load rating b. texture c. conductivity of the surface d. combustibility
B: The texture of flooring is the least important physical security factor when considering the security of flooring.
- Internal partitions are useful for creating? a. division of work from visitor spaces b. fire barriers c. separate work spaces d. distinction between areas of different sensitivity
C: Partitions are useful for creating separate work spaces.
- Which of the following should be used to provide sufficient security and separation of areas with various levels of sensitivity and confidentiality? a. partitions b. windows c. boundaries outlined by colored tape d. floor to ceiling permanent walls
D: Floor to ceiling permanent walls should be used to provide sufficient security and separation of areas with various levels of sensitivity and confidentiality.
- Which of the following is not a human threat to physical security? a. vandalism b. strikes c. utility loss d. sabotage
C: Utility loss is a threat to physical security that can be caused by humans, but it can also be caused by natural disasters. This is the best answer for this question.
- The most important factor when designing and implementing physical security solutions is? a. cost effectiveness of mechanisms b. efficiency of solutions c. automation of controls d. personnel safety
D: Personnel safety is always the most important factor when designing and implementing physical security solutions.
- To protect the data center from threats to physical security, what should be done? a. It should be placed in the center or core of the facility b. It should be located off site c. It should be placed in the basement d. It should be distributed throughout the facility
A: The data center should be placed in the center or core of a facility for the maximum protection from threats to physical security.
- When designing a facility to provide protection for sensitive electrical equipment, what is the most important factor? a. load rating of the floor b. electrical conductance of the flooring material c. whether or not raised flooring is used d. the physical dimensions of the data center room
B: The most important factor when protecting sensitive electrical equipment is the electrical conductance of the flooring material or the likelihood of generation and sparking of static electricity.
- Secure and protected computer rooms or data centers should be all but which of the following? a. restricted access b. electronic equipment compatible fire suppression system c. human compatible d. located in the center or core of the facility
C: A computer room or data center need not be human compatible to be secure and protected.
- The momentary increase in power often experienced at the moment when a device or a power system is turned on is known as? a. surge b. spike c. noise d. inrush
D: An inrush is the momentary increase in power often experienced at the moment when a device or a power system is turned on.
- The short duration of an interfering disturbance in the power line is known as? a. transient b. spike c. noise d. sag
A: A transient is a short duration of an interfering disturbance in the power line.
- The radiation generated by the difference in power of the hot and neutral wires of a circuit is known as? a. transient b. traverse mode noise c. common mode noise d. brownout
B: Traverse mode noise is the radiation generated by the difference in power of the hot and neutral wires of a circuit.
- An important aspect of a physical security mechanism is? a. personnel safety b. compliance with industry standards c. similarity with existing solutions d. user training required
A: Personnel safety is an important concern when considering security mechanisms.
- Physical security mechanisms should always? a. be invisible to the user b. comply with laws and regulations c. be automated d. be approved by all levels of management
B: Physical security mechanisms should always comply with laws and regulations.
- To control costs while maintaining a reasonable level of protection against the failure of hardware, you should? a. know the locations of several hardware vendors in your city b. maintain a hot site duplicate facility c. obtain a service level agreement with a hardware vendor d. store replacement parts on site
C: Obtaining a service level agreement with a hardware vendor provides a reasonable level of protection against the failure of hardware.
- Which of the following is not an effective means to eliminate or reduce power line noise? a. move power lines away from strong magnetic sources b. ensure proper grounding c. use cables with fewer twists d. add cable shielding
C: Cables with fewer twists will increase the likelihood of power line noise.
- According to the ANSI standard, at what point of a drop in power between the power source and the meter is a brownout declared? a. 1.20% b. 10% c. 3.50% d. 8%
D: According to the ANSI standard, a brownout is declared at a drop of 8% in power between the power source and the meter.
- Which is not a Water-based Fire protection System? a. Preaction System b. Deluge System c. Dry Pipe System d. Infrared Flame Detector
D: An infrared flame detector is not a water-based fire protection system in itself. It can be used in conjunction with other water-based systems. The infrared flame detector reacts to emissions from flame.
- Hardware components should be replaced when? a. Every year b. Immediately after their second failure c. On every instance of a failure d. Before their mean time between failure time period expires
D: Hardware components should be replaced before their mean time between failure (MTBF) time period expires.
- The hardware component rating of mean time to repair (MTTR) is used for what purpose? a. to determine how often to expect to replace a device b. to determine when to replace a device c. to determine how long it takes to repair a device d. to determine the length of time after the first failure before a device must be replaced.
C: The mean time to repair (MTTR) is used to determine how long it will take to repair a device.
- Which of the following is not considered an adequate protection means for a mission critical server? a. uninterruptible power supply b. surge protector c. alternate power supply d. backup generator
B: A surge protector, while useful and recommended, is not the best option from this list of power protection devices for a mission critical server.
- A momentary loss of power is known as? a. brownout b. spike c. fault d. sag
C: A fault is a momentary loss of power.