Chapter 10- Physical Security Requirements Flashcards

1
Q
  1. What are first line of defence?
A

Physical controls are your first line of defence, and people are your last.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
  1. What is a secure facility plan:
A

secure facility plan outlines the security needs of an organisation and emphasizes methods or mechanisms to employ to provide security. Such a plan is developed through a process of Critical Path Analysis.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
  1. What is Critical Path Analysis
A

Critical Path Analysis is a systemic effort to identify relationships between mission critical applications, processes and operations and all the supporting elements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
  1. List some physical security controls:
A

administrative, technical and physical

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
  1. Functional order in which controls should be used are:
A
  1. Deterrence 2 Denial 3 Detection 4 Delay
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
  1. What is Service Level Agreement:
A

Service Level Agreement defines the response time a vendor will provide in the event of an equipment failure emergency.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q
  1. Explain MTTF:
A

Mean Time to Failure (MTTF) is the expected typical functional lifetime of a device given a specific operating environment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
  1. Explain MTTR:
A

Mean Time to Repair (MTTR) is the average length of time required to perform a repair on the device

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
  1. What is MTBF: t
A

Mean Time Between Failures is an estimation of time between the first an any subsequent failures. If the MTTF and MTBF values are the same or fairly similar, manufacturers often only list the MTTF to represent both values.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q
  1. What are modern wiring closets:
A

a modern wiring closet is where networking cables for the whole building or just one floor are connected to other essential equipment, such as patch panels, switches, routers, local area network (LAN) extenders, and backbone channels

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q
  1. Explain wiring closet security:
A

For wiring closet security, the most important aspect is physical security, there should be no unauthorised access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
  1. What are cable plant:
A

: cable plant is the collection of interconnected cables and intermediary devices that establish a physical network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
  1. List the elements of a cable plant:
A

cable plant is the collection of interconnected cables and intermediary devices that establish a physical network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
  1. What is entrance facility:
A

this is known as the demarcation point, this is the entrance to the building where the cable from the provider connects the internal cable plant

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
  1. What is the equipment room:
A

this is the main wiring for the building, often connected to or adjacent to the entrance facility

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
  1. What is backbone distribution system
A

this provides wired connections between the equipment room and the telecommunications rooms, including the cross floor connections

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q
  1. What is the telecommunications room:
A

also known as the wiring closet, serves the connection needs of a floor or a section of a large building by providing space for networking equipment and cabling system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q
  1. What is horizontal distribution systems:
A

this provides the connection between the telecommunication room and work areas, often including cabling, cross-connection blocks, patch panels and supporting hardware infrastructure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q
  1. What are server rooms or data centers
A

Server rooms, data centers, communications rooms, wiring closets, server vaults, and IT closets are enclosed, restricted, and protected rooms where your mission-critical servers and network devices are housed. Centralized server rooms need not be human compatible. Server rooms should be located at the core of the building. CCTV monitoring on the door and motion detectors inside the space can also help maintain proper attention to who is coming and going.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q
  1. Explain Datacenters
A

a datacenter is an external location used to house the bulk of backend computer servers, data storage equipment and network management equipment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q
  1. What are smart cards
A

smart cards are credit card sized IDs, badges or security passes with an embedded magnetic strip, bar code or integrated circuit chip. They contain information about the authorized bearer that can be used for identification and/or authentication purposes. Some smartcards can even process information or store reasonable amounts of data in a memory chip.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q
  1. A smartcard can be known by several phrases or terms:
A

identity token, processor IC Card, IC Card with ISO 7816

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q
  1. List some known smartcard attacks:
A

physical attacks, logical attacks, trojan horse attacks and social engineering attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q
  1. Common multifactor used with smartcards:
A

pin

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q
  1. What are memory cards:
A

memory cards are machine readable ID cards with magnetic strip eg credit cards or debit cards. Memory cards can retain small amounts of data. They function with 2factor control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

What are proximity readers?

A

They are used to control physical access. A proximity reader can be a passive device, a field-powered device or transponder. A transponder device is self-powered and transmits a signal received by the reader. This can occur consistently or only at the press of a button (like a garage door opener or car alarm key fob).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q
  1. What are Intrusion Detection systems (IDSs):
A

Intrusion detection systems (IDSs) are systems—automated or manual—designed to detect an attempted intrusion, breach, or attack; the use of an unauthorized entry/point; or the occurrence of some specific event at an unauthorized or abnormal time.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q
  1. What is masquerading?
A

Masquerading is using someone else’s security ID to gain access to a facility.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q
  1. What is piggybacking?
A

Piggybacking is following someone through a secured gate or doorway without being identified or authorised personally.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q
  1. How can you detect access abuses?
A

Access abuses can be detected by using audit trails or retaining access logs. Closed circuit television (CCTV) or security cameras.
31. What is emanation security: Emanation Security involves protecting electrical devices that emanate electrical signals. The type of countermeasures and safeguards to protect against emanation attacks are known as TEMPEST countermeasures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q
  1. List some TEMPEST countermeasures:
A

Faraday cage, white noise, and control zones

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q
  1. What is Faraday Cage:
A

This is a TEMPEST Counter measure. Faraday Cage is a box, mobile room or entire building designed with an external metal skin, often wire mesh that fully surrounds an area on all sides. Tis metal skin acts as an Electromagnetic interference (EMI) absorbing capacitor.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q
  1. What is white noise?
A

This is a TEMPEST Counter measure. White noise means broadcasting false traffic at all times to mask or hide the presence of real emanations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q
  1. What is control zone?
A

This is a TEMPEST Counter measure. A control zone is simply the implementation of either a Faraday Cage or white noise generation or both to protect a specific area in an environment; the rest of the environment is not affected.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q
  1. What is data remnants?
A

Data Remnants are remaining on a storage device after standard deletion or formatting process.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q
  1. What is zeroization?
A

Zeroization is the procedure that erases data by replacing it with meaningless data such as zeroes to remove all data remnants

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q
  1. What is evidence storage:
A

as cybercrime increases it is important to retain audit logs, audit trails and other digital events. It may also be necessary to retain image copies of drives or snapshots of virtual machines for future comparison

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q
  1. What is emanation security
A

Emanation Security involves protecting electrical devices that emanate electrical signals. The type of countermeasures and safeguards to protect against emanation attacks are known as TEMPEST countermeasures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q
  1. Explain restricted and work area security
A

There should not be equal access to all locations within a facility. valuable and confidential assets should be located in the heart or centre of protection provided by a facility. E.G. Sensitive Compartmented Information Facility (SCIF)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

What is shoulder surfing?

A

Shoulder surfing is the act of gathering information from a system by observing the monitor or the use of keyboard by the operator.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q
  1. What is SCIF?
A

? Sensitive Compartmented Information Facility (SCIF) is often used by
government and military contractors to provide a secure environment for highly sensitive data storage and computation. It can be a permanent installation or

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q
  1. What is the purpose of SCIF
A

Sensitive Compartmented Information Facilities is used to store, view and update sensitive compartmented information (SCI).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q
  1. What is power fault?
A

Fault is a momentary loss of power.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q
  1. What is power blackout?
A

Power blackout is a complete loss of power

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q
  1. What is power sag?
A

Power sag is momentary low voltage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q
  1. What is Power Brownout?
A

Power blackout is a complete loss of power

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q
  1. What is power spike:
A

Power spike is momentary high voltage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q
  1. What is power surge
A

: Power surge is prolonged high voltage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q
  1. What is power inrush?
A

Power inrush is an initial surge of power usually associated with connecting to a power source, whether primary, alternate or secondary.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q
  1. What is power noise?
A

Power noise is a steady interfering power disturbance or fluctuation.

51
Q
  1. What is transient power?
A

Transient power is a short duration of noise-interference
(line noise disturbance).

52
Q
  1. What is clean power?
A

Clean power is a nonfluctuating pure power

53
Q
  1. What is ground?
A

Ground is a wire in an electrical circuit that is grounded.

54
Q
  1. List 2 types of Electromagnetic Interference (EMI):
A

Common Mode, Traverse Mode

55
Q
  1. What is common mode
A

common mode noise is generated by a difference in power between hot and ground wires of a power source or operating electrical equipment. i.e. Common Mode = Hot wires - Ground wires

56
Q
  1. What is traverse mode?
A

Traverse mode is generated by diff in power between hot and neutral wires of a power source or operating electrical equipment. i.e. Traverse Mode = Hot wires - Neutral wires

57
Q
  1. What is radio frequency interference?
A

Radio Frequency Interference (RFI) is another source of noise and interference that can affect many of the same systems as EMI.

58
Q
  1. List some equipments that generate RFI
A

Radio Frequency interference can be generated by fluorescent light, electrical cables, electric space heaters, computers, elevators, monitors and electric magnets.

59
Q
  1. What are water detection circuits:
A

: water detection circuits will sound an alarm and alert you if water is encroaching upon equipment. Water and electricity can cause electrocution.

60
Q
  1. Water suppresses —–
A

temperature

61
Q
  1. Soda Acid and other dry powders suppress …….:
A

fuel supply

62
Q
  1. CO2 suppresses……..:
A

Oxygen supply

63
Q
  1. Halon substitutes and other non flammable gases interfere with:
A

chemistry of combustion and or suppress the oxygen supply.

64
Q
  1. List the 4 primary stages of fire: stage 1:
A

Incipient Stage, stage 2: Smoke stage, stage 3: Flame stage, stage 4: Heat Stage

65
Q
  1. What is the primary stage 1 of fire:
A

stage 1 of fire is the incipient stage. At this stage there is air ionisation but no smoke.

66
Q
  1. What is the primary stage 2 of fire:
A

in stage 2, smoke is visible from the point of ignition

67
Q
  1. What is primary stage 3 of fire:
A

the flame stage, this when flame can be seen by the naked eye.

68
Q
  1. What is primary stage 4 of fire:
A

the heat stage, the fire is considerably further down the timescale to the point where there is an intense heat build-up and everything in the area burns.

69
Q
  1. Explain fire management;
A

proper awareness training is one of the basics of fire management. Everyone should know 2 evacuation routes and fire suppression mechanisms within their facility. Staff should know the location and use of fire extinguishers, cardiopulmonary resuscitation (CPR), emergency shutdown procedures, pre-established rendezvous location or safety verification mechanism.

70
Q
  1. Explain class A extinguishers:
A

: class A extinguishers are used on common combustibles and the suppression material is water, soda acid (a dry powder or liquid chemical).

71
Q
  1. Explain class B extinguishers:
A

class B extinguishers are used on liquids. Suppression material is CO2, halon, soda acid. Water cannot be used on this as liquids float on water.

72
Q
  1. Explain class C fire extinguishers:
A

class C is for electrical fires, suppression material is CO2 and halon. Water cannot be used on this as there’s potential for electrocution.

73
Q
  1. Explain class D fire extinguishers:
A

class D extinguishers are for metal and the suppression material is dry powder

74
Q
  1. List the types of fire detection systems
A

fixed temperature detection systems, rate of rise detection systems, flame actuated systems, smoke actuated systems.

75
Q
  1. What is fixed temperature detection system:
A

fixed temperature detection system trigger suppression when a specific temperature is reached.

76
Q
  1. What is rate of rise detection system?
A

Rate of rise detection systems trigger suppression when the speed at which the temperature changes reaches a specific level

77
Q
  1. What is flame actuated system:
A

flame actuated systems trigger suppression based on the infrared energy of flames.

78
Q
  1. What is smoke actuated system:
A

smoke actuated systems use photoelectric or radioactive ionisation sensors as triggers.

79
Q
  1. What are incipient smoke detection systems
A

incipient smoke detection systems also known as aspirating sensors are able to detect chemicals typically associated with the early stages of combustion before fire is otherwise detectible via other means

80
Q
  1. List 4 types of water suppression systems
A

wet pipe system, dry pipe system, deluge system, pre-action system.

81
Q
  1. What is wet pipe system:
A

: wet pipe system is always full of water, water discharges immediately when suppression is triggered. It is also known as closed head system.

82
Q
  1. What is dry pipe system
A

Dry pipe contains compressed air, once suppression is triggered, the air escapes, opening a water valve that in turn causes the pipes to fill and discharge water into the environment.

83
Q
  1. What is deluge
A

deluge system is a form of dry pipe system that uses large pipes and therefore delivers a significantly larger volume of water. They are inappropriate for environments that contain electronics and computers.

84
Q
  1. What is pre-action:
A

it is a combination of dry pipe and wet pipe system.

85
Q
  1. What is gas discharge:
A

gas discharge is more effective than water discharge systems. They remove oxygen from the air and employ a pressurized gaseous suppression medium e.g., CO2, halon, or FM-200

86
Q
  1. What is fence:
A

Fence is a perimeter defining device.

87
Q
  1. What is gate
A

Gate is a controlled entry and exit point in a fence. Keep number of gates to a minimum. They can be monitored by guards, when not the use of dogs and CCTV is recommended

88
Q
  1. What is turnstile
A

Turnstile is form of gate that prevents more than one person at a time from gaining entry and it often restricts movement in one direction. It can be used to gain entry and not exit and vice versa

89
Q
  1. What is mantrap
A

mantrap is a double set of doors that is often protected by a guard or some physical layout that prevents piggybacking and can trap individuals at the discretion of security personnel.

90
Q
  1. What is the purpose of man trap
A

Mantrap is used to immobilize a subject until their identity and authentication is verified.

91
Q
  1. Explain lighting
A

lighting is a form of perimeter control. It is used to discourage casual intruders, trespasses etc. it should not illuminate positions of guards, dogs, patrol posts etc.

92
Q
  1. List some deterrent security controls:
A

fence, lighting, CCTV, guards, dogs

93
Q
  1. An alternative to security guards are:
A

dogs, dogs are good for detection and deterrent measures.

94
Q
  1. An alternative to security guards are:
A

dogs, dogs are good for detection and deterrent measures.

95
Q
  1. What is the purpose of locks:
A

locks are identification and authorisation mechanisms.

96
Q
  1. What is shimming?
A

Shimming is categorised under a class of lock mechanism attacks.

97
Q
  1. Electronic Access control locks incorporates 3 elements, list them:
A

an electromagnet; to keep the door closed, a credential reader to authenticate subjects and to disable the electromagnet, a sensor to reengage the electromagnet when the door is closed.

98
Q
  1. Badges can be used for…….. and ……..:
A

identification and authentication

99
Q
  1. How can a badge be used as identification?
A

This occurs when a badge is swiped.

100
Q
  1. How can a badge be used for authentication?
A

After identification by using the badge the owner may be required to provide password, passphrase or biological trait (biometrics).

101
Q
  1. What is motion sensor or detector:
A

motion sensor or detector is a device that sense movement or sound in a specific area.

102
Q
  1. List some motion detectors:
A

infrared, heat, wave pattern, capacitance, photoelectric and passive audio

103
Q
  1. What are infrared motion detectors:
A

infrared motion detectors monitors for significant or meaningful changes infrared lighting pattern of a monitored area.

104
Q
  1. What are wave pattern motion detectors:
A

wave pattern motion detectors transmits a low ultrasonic or high microwave frequency signal into a monitored area and monitors for significant or meaningful changes or disturbances in reflected patterns

105
Q
  1. What is capacitance motion detector:
A

capacitance motion detector senses changes in electrical or magnetic field surrounding a monitored object.

106
Q
  1. What is photoelectric motion detector
A

: photoelectric motion detector senses changes in visible light levels for the monitored area. They are usually employed in dark rooms with no windows

107
Q
  1. What is passive audio motion detector:
A

passive audio motion detector listens for abnormal sounds in monitored area.

108
Q
  1. How do motion detectors work?
A

Whenever a motion detector registers a significant or meaningful change in the environment, it triggers an alarm.

109
Q
  1. What does alarms trigger:
A

alarms triggers deterrent, a repellent or notification.

110
Q
  1. What is deterrent alarm
A

deterrent alarms make further intrusion more difficult e.g. engaging additional locks, shut doors etc.

111
Q
  1. What are repellant alarms:
A

repellent alarms are used to discourage intruders or attackers from continuing their malicious or trespassing activities and to force them off the premises.

112
Q
  1. What are notification alarms:
A

notification alarms are silent from the intruder/attacker’s perspective but record data about the incident and notify administrators, security guards and law enforcement.

113
Q
  1. What are local alarms:
A

local alarms must be audible and can easily be heard 400feet away. There must be security guards positioned nearby.

114
Q
  1. What are central station system:
A

this alarm is silent locally but offsite monitoring agents are notified so that they can respond to the security breach. Most residential security are of this type.

115
Q
  1. What is proprietary system
A

proprietary system this alarm is silent locally, but organisation have its own onsite security staff waiting to respond to security breaches.

116
Q
  1. What are auxiliary stations
A

auxiliary alarm systems can be added to local or centralized alarm systems. when the security perimeter is breached, emergency services are notified to respond to the incident and arrive at the location. This could include police, fire and medical services

117
Q

——–Is a Secondary verification mechanism to motion detectors

A

CCTV.

118
Q

CCTV is a ……measure whereas reviewing recorded events is a ………measure.

A

Preventive, Detective

119
Q
  1. What is privacy:
A

privacy means protecting personal information from disclosure to any authorized individual or entity.

120
Q

a

A

a

121
Q

a

A

a

122
Q

a

A

a

123
Q

a

A

a

124
Q

a

A

a