Chapter 3: Physical Access Controls - Part 2

Question 1

Physical Access Controls: It can be explicit or implicit (T or F)

Answer 1

True. Explicit through a key for each authorized individual or implicit in the job description

Question 2

Physical Access Controls: What is the main purpose?

Answer 2

Protection from unauthorized individuals

Question 3

Physical Access Controls: require the traditional metal key to gain entry

Answer 3

Bolting Door Locks

Question 4

Physical Access Controls: The key in bolting door locks should be stamped ___ and issued under_____

Answer 4

Do not duplicate

strict management control

Question 5

Physical Access Controls: use a numeric keypad or dial to gain entry and are often seen
at airport gate entry doors and smaller server rooms

Answer 5

Combination door locks (cipher locks)

Question 6

Physical Access Controls: When must the combination of combination door locks (cipher locks) be changed?

Answer 6

At regular intervals or when employees with access is transferred, fired or subject to disciplinary acion

Question 7

Physical Access Controls: use a magnetic or embedded chip-based plastic card key or token entered into a sensor reader to gain access

Answer 7

Electronic Door locks

Question 8

Physical Access Controls: What are the advantages of electronic door locks over bolted and combination locks?

Answer 8

1. Cards can be assigned to an identifiable individual
2. It is difficult to duplicate
3. It can be used to given specific restrictions such as hour of the day or particular entries only.
4. It can easily be deactivated
5. Silent or audible alarms can be activated when unauthorized individuals try to access an area

Question 9

Physical Access Controls: ___,___ __, and _____ is an administrative process that must be carefully controlled (Electronic Door Locks)

Answer 9

Issuing, Accounting for, and Retrieving

Question 10

Physical Access Controls: The __ __ is an important item to retrieve when an employee leaves the firm.
(Electronic Door Locks)

Answer 10

card key

Question 11

Physical Access Controls: is a physical control technique that uses a plastic card with a magnetic strip containing encoded data to provide
access to restricted or secure locations

Answer 11

swipe card

Question 12

Physical Access Controls: are activated by an individual’s unique body features, such as voice, retina,
fingerprint, hand geometry or signature

Answer 12

Biometric Door Locks

Question 13

Physical Access Controls: This system is used in instances when extremely sensitive
facilities must be protected, such as in the military

Answer 13

Biometric Door Locks

Question 14

Physical Access Controls: means all visitors are required to sign a visitor’s log indicating their name, the company they are representing, reason for visiting, person to see and date and time of entry and
departure

Answer 14

Manual Logging

Question 15

Physical Access Controls: Logging is typically done at the front reception desk and entrance to the computer room upon exit (T or F)

Answer 15

False. Logging must be done before entering

Question 16

Physical Access Controls: In manual logging, before gaining access what must be provided?

Answer 16

A verification of identification or ID

Question 17

Physical Access Controls: is a feature of electronic and biometric security systems.

Answer 17

Electronic logging

Question 18

Physical Access Controls: (Electronic logging) All access is logged with successful attempts being highlighted (T or F)

Answer 18

False. unsuccesful attempts are highlighted

Question 19

Physical Access Controls: What should be worn by ALL personnel

Answer 19

Identification Badges

Question 20

Physical Access Controls: Visitor badges should have similar IDs as employees (T or F)

Answer 20

False. They must have a different colored badge

Question 21

Physical Access Controls: (IDs) IDs can also be used as electronic key cards (T or F)

Answer 21

True

Question 22

Physical Access Controls: Video Cameras must be located at ____ and monitored by ___ ___

Answer 22

Strategic points
Security Guards

Question 23

Physical Access Controls: Video Cameras must be retained for a short amount of time (T or F)

Answer 23

It depends, but it must be retained for possible future playback

Question 24

Physical Access Controls: Video Cameras must be recorded in a sufficient ___ to permit enlarging the image

Answer 24

Resolution

Question 25

Physical Access Controls: are very useful if supplemented by video cameras and locked doors.

Answer 25

Security Guards

Question 26

Physical Access Controls: Security guards from external agencies mus be?

Answer 26

Bonded

Question 27

Physical Access Controls: Controlled visitor access means all visitors should be?

Answer 27

Escorted by a responsible employee

Question 28

Physical Access Controls: visitors does not include friends (T or F)

Answer 28

False

Question 29

Physical Access Controls: Consultants may not need to be escorted (T or F)

Answer 29

True. Long terms consultants may be granted special gust access.

Question 30

Physical Access Controls: All __ ___ __, such as cleaning people and offsite storage services, should be
___ ___.

Answer 30

service contract personnel
bonded personnel

Question 31

Physical Access Controls: Having bonded personnel increases physical security (T or F)

Answer 31

False. It only limits financial exposure.

Question 32

Physical Access Controls: uses 2 doors found in entries to facilities

Answer 32

Deadman doors

Question 33

Physical Access Controls: Deadman doors are also referred to as?

Answer 33

Mantrap or airlock entrance

Question 34

Physical Access Controls: Deadman doors reduces the risk of what type?

Answer 34

Piggybacking

Question 35

Physical Access Controls: Computer workstation locks are usually employed in?

Answer 35

High-security workstations such as process payroll

Question 36

Physical Access Controls: A controlled single-entry point, monitored by a ____ , should be used by __ ___ ___.

Answer 36

receptionist

all incoming personnel

Question 37

Physical Access Controls: Emergency exists can be what for quick evacuation

Answer 37

wired to an alarmed panic bar

Question 38

Physical Access Controls: What should be the relationship between security personnel and alarm systems

Answer 38

The alarms must be heard by security personnel when activated

Question 39

Physical Access Controls: What should be the do’s and dont’s of Secured report/document distribution carts

Answer 39

1. It must be locked
2. It must not be left unattended

Question 40

Physical Access Controls: Directions to facilities must be clearly stated to guide the personnel (T or F)

Answer 40

False. There must be no directions.

Question 41

Physical Access Controls: Computer rooms can be visible from the outside through windows (T or F)

Answer 41

False. Computer rooms must not have windows nor should it be visible from the outside

Question 42

Physical Access Controls: The building or department directory should discreetly identify
only the specific location of the information processing facility (T or F)

Answer 42

False. only the general location

Question 43

Auditing Physical Access: What do you do to gain an overall understanding and perception of the installation being reveiwed

Answer 43

Touring the computer site

Question 44

Auditing Physical Access: If the site is owned by a third party what may be required?

Answer 44

A contractual right of audit

Question 45

Auditing Physical Access: A tour provides the opportunity to begin reviewing what?

Answer 45

Physical access restrictions

Question 46

Auditing Physical Access: The __ __ and ______ should be included in the tour

Answer 46

Computer site, any offsite storage facilities

Question 47

Auditing Physical Access: Much of the testing of physical safeguards can be achieved through visual inspection (T or F)

Answer 47

True

Question 48

Auditing Physical Access: What are the documents that assist you?

Answer 48

1. Emergency evacuation procedures
2. Inspection tags
3. Fire suppression system test results
4. Key lock log

Question 49

Auditing Physical Access: What are the other locations to test

Answer 49

• Location of all operator consoles
• Printer rooms
• Computer storage rooms (this includes equipment, paper and supply rooms)
• UPS/generator
• Location of all communications equipment identified on the network diagram
• Media storage
• Offsite backup storage facility

Question 50

Auditing Physical Access: IS auditor should look above the ___ and below the ___ in the computer operations center

Answer 50

Above the ceiling panels and below the raised floors

Question 51

Auditing Physical Access: For ground-floor computer room, the IS auditor may consider?

Answer 51

walking around the outside of the room