CHAPTER 5_Physical and Environmental Security Flashcards

Question 1

Q

Emphasis: Cross-sectional

Answer

A

A photoelectric system, or photometric system, detects the change in a light beam and thus can be used only in windowless rooms. These systems work like photoelectric smoke detectors, which emit a beam that hits the receiver. If this beam of light is interrupted, an alarm sounds. The beams emitted by the photoelectric cell can be cross-sectional and can be invisible or visible beams. Cross-sectional means that one area can have several different light beams extending across it, which is usually carried out by using hidden mirrors to bounce the beam from one place to another until it hits the light receiver. These are the most commonly used systems in the movies. You have probably seen James Bond and other noteworthy movie spies or criminals use night-vision goggles to see the invisible beams and then step over them.

Question 2

Q

Emphasis: Similarities in Approaches

Answer

A

Similarities in ApproachesThe risk analysis steps that need to take place for the development of a physical security program are similar to the steps outlined in Chapter 2 for the development of an organizational security program and the steps outlined in Chapter 8 for a business impact analysis, because each of these processes (development of an information security program, a physical security program, or a business continuity plan) accomplishes goals that are similar to the goals of the other two processes, but with different focuses. Each process requires a team to carry out a risk analysis to determine the company’s threats and risks. An information security program looks at the internal and external threats to resources and data through business processes and technological means. Business continuity looks at how natural disasters and disruptions could damage the organization, while physical security looks at internal and external physical threats to the company resources.

Question 3

Q

Explanation Bullets: If a team is organized to assess the protection level of an existing facility, it needs to investigate the following:

Answer

A

Construction materials of walls and ceilings
Power distribution systems
Communication paths and types (copper, telephone, fiber)
Surrounding hazardous materials
Exterior components:
Topography
Proximity to airports, highways, railroads
Potential electromagnetic interference from surrounding devices
Climate
Soil
Existing fences, detection sensors, cameras, barriers
Operational activities that depend upon physical resources
Vehicle activity
Neighbors

Question 4

Q

Emphasis: Standby UPS

Answer

A

Standby UPS devices stay inactive until a power line fails. The system has sensors that detect a power failure, and the load is switched to the battery pack. The switch to the battery pack is what causes the small delay in electricity being provided. So an online UPS picks up the load much more quickly than a standby UPS, but costs more, of course.

Question 5

Q

Explanations: Intrusion Detection Systems Characteristics

Answer

A

IDSs are very valuable controls to use in every physical security program, but several issues need to be understood before implementing them:

Question 6

Q

Bullets: Class II

Answer

A

Commercial usage, where general public access is expected; examples include a public parking lot entrance, a gated community, or a self-storage facility

Question 7

Q

Bullets: Class III

Answer

A

Industrial usage, where limited access is expected; an example is a warehouse property entrance not intended to serve the general public

Question 8

Q

Bullets: Depositories

Answer

A

Safes with slots, which allow the valuables to be easily slipped in

Question 9

Q

Explanations: Types of Fire Detection

Answer

A

Fires present a dangerous security threat because they can damage hardware and data and risk human life. Smoke, high temperatures, and corrosive gases from a fire can cause devastating results. It is important to evaluate the fire safety measurements of a building and the different sections within it.

Question 10

Q

Bullets: In-rush current

Answer

A

Initial surge of current required to start a load

Question 11

Q

Explanations: Gauges and Mesh Sizes

Answer

A

The gauge of fence wiring is the thickness of the wires used within the fence mesh. The lower the gauge number, the larger the wire diameter:

Question 12

Q

Bullets: Supply system threats

Answer

A

Power distribution outages, communications interruptions, and interruption of other resources such as water, gas, air filtration, and so on

Question 13

Q

Bullets: Tempered

Answer

A

Glass is heated and then cooled suddenly to increase its integrity and strength.

Question 14

Q

Emphasis: fire-resistant material

Answer

A

A building could be made up of incombustible material, such as steel, which provides a higher level of fire protection than the previously mentioned materials, but loses its strength under extreme temperatures, something that may cause the building to collapse. So, although the steel will not burn, it may melt and weaken. If a building consists of fire-resistant material, the construction material is fire-retardant and may have steel rods encased inside of concrete walls and support beams. This provides the most protection against fire and forced entry attempts.

Question 15

Q

Emphasis: Vibration sensors

Answer

A

An acoustical detection system uses microphones installed on floors, walls, or ceilings. The goal is to detect any sound made during a forced entry. Although these systems are easily installed, they are very sensitive and cannot be used in areas open to sounds of storms or traffic. Vibration sensors are similar and are also implemented to detect forced entry. Financial institutions may choose to implement these types of sensors on exterior walls, where bank robbers may attempt to drive a vehicle through. They are also commonly used around the ceiling and flooring of vaults to detect someone trying to make an unauthorized bank withdrawal.

Question 16

Q

Emphasis: Wafer tumbler

Answer

A

Wafer tumbler locks (also called disc tumbler locks) are the small, round locks you usually see on file cabinets. They use flat discs (wafers) instead of pins inside the locks. They often are used as car and desk locks. This type of lock does not provide much protection because it can be easily circumvented.

Question 17

Q

Explanation Bullets: IDSs can be used to detect changes in the following:

Answer

A

Beams of light
Sounds and vibrations
Motion
Different types of fields (microwave, ultrasonic, electrostatic)
Electrical circuit

Question 18

Q

Emphasis: Testing and Drills

Answer

A

Testing and DrillsHaving fire detectors, portable extinguishers, and suppressions agents is great, but people also need to be properly trained on what to do when a fire (or other type of emergency) takes place. An evacuation and emergency response plan must be developed and actually put into action. The plan needs to be documented and to be easily accessible in times of crisis. People who are assigned specific tasks must be taught and informed how to fulfill those tasks, and dry runs must be done to walk people through different emergency situations. The drills should take place at least once a year, and the entire program should be continually updated and improved.

Question 19

Q

Explanation Bullets: The following are some of the EPA-approved replacements for halon:

Answer

A

FM-200
NAF-S-III
CEA-410
FE-13
Inergen
Argon
Argonite

Question 20

Q

Explanations: Personnel Access Controls

Answer

A

Proper identification needs to verify whether the person attempting to access a facility or area should actually be allowed in. Identification and authentication can be verified by matching an anatomical attribute (biometric system), using smart or memory cards (swipe cards), presenting a photo ID to a security guard, using a key, or providing a card and entering a password or PIN.

Question 21

Q

Emphasis: auto iris lens

Answer

A

CCTV lenses have irises, which control the amount of light that enters the lens. Manual iris lenses have a ring around the CCTV lens that can be manually turned and controlled. A lens with a manual iris would be used in areas that have fixed lighting, since the iris cannot self-adjust to changes of light. An auto iris lens should be used in environments where the light changes, as in an outdoor setting. As the environment brightens, this is sensed by the iris, which automatically adjusts itself. Security personnel will configure the CCTV to have a specific fixed exposure value, which the iris is responsible for maintaining. On a sunny day, the iris lens closes to reduce the amount of light entering the camera, while at night, the iris opens to capture more light—just like our eyes.

Question 22

Q

Bullets: Vaults

Answer

A

Safes that are large enough to provide walk-in access

Question 23

Q

Emphasis: passive infrared system (PIR)

Answer

A

A passive infrared system (PIR) identifies the changes of heat waves in an area it is configured to monitor. If the particles’ temperature within the air rises, it could be an indication of the presence of an intruder, so an alarm is sounded.

Question 24

Q

Bullets: Incident assessment

Answer

A

Response of security guards to detected incidents and determination of damage level

Question 25

Q

Explanations: Natural Surveillance

Answer

A

Please sit on this bench and just watch people walking by. You are cheaper than hiring a security guard.

Question 26

Q

Explanations: Natural Access Control

Answer

A

I want to go into the building from the side, but I would have to step on these flowers. I better go around to the front.

Question 27

Q

Bullets: Master keying

Answer

A

Enables supervisory personnel to change access codes and other features of the cipher lock.

Question 28

Q

Explanation Bullets: When dealing with electric power issues, the following items can help protect devices and the environment:

Answer

A

Employ surge protectors to protect from excessive current.
Shut down devices in an orderly fashion to help avoid data loss or damage to devices due to voltage changes.
Employ power line monitors to detect frequency and voltage amplitude changes.
Use regulators to keep voltage steady and the power clean.
Protect distribution panels, master circuit breakers, and transformer cables with access controls.
Provide protection from magnetic induction through shielded lines.
Use shielded cabling for long cable runs.
Do not run data or power lines directly over fluorescent lights.
Use three-prong connections or adapters if using two-prong connections.
Do not plug outlet strips and extension cords into each other.

Question 29

Q

Bullets: Amount of illumination of the environment

Answer

A

Lit areas, unlit areas, areas affected by sunlight

Question 30

Q

Emphasis: Fire detection

Answer

A

Fire detection response systems come in many different forms. Manual detection response systems are the red pull boxes you see on many building walls. Automatic detection response systems have sensors that react when they detect the presence of fire or smoke. We will review different types of detection systems in the next section.

Question 31

Q

Emphasis: Laminated glass

Answer

A

Laminated glass has two sheets of glass with a plastic film in between. This added plastic makes it much more difficult to break the window. As with other types of glass, laminated glass can come in different depths. The greater the depth (more glass and plastic), the more difficult it is to break.

Question 32

Q

Emphasis: Responsive area illumination

Answer

A

Responsive area illumination takes place when an IDS detects suspicious activities and turns on the lights within a specific area. When this type of technology is plugged into automated IDS products, there is a high likelihood of false alarms. Instead of continuously having to dispatch a security guard to check out these issues, a CCTV camera can be installed to scan the area for intruders.

Question 33

Q

Explanations: Internal Support Systems

Answer

A

Having a fortified facility with secure compartmentalized areas and protected assets is nice, but also having lights, air conditioning, and water within this facility is even better. Physical security needs to address these support services, because their malfunction or disruption could negatively affect the organization in many ways.

Question 34

Q

Intrusion Detection Systems Characteristics : IDSs are very valuable controls to use in every physical security program, but several issues need to be understood before implementing them:

Answer

A

They are expensive and require human intervention to respond to the alarms.
A redundant power supply and emergency backup power are necessary.
They can be linked to a centralized security system.
They should have a fail-safe configuration, which defaults to “activated.”
They should detect, and be resistant to, tampering.

Question 35

Q

Bullets: Wet pipe

Answer

A

Wet pipe systems always contain water in the pipes and are usually discharged by temperature control-level sensors. One disadvantage of wet pipe systems is that the water in the pipes may freeze in colder climates. Also, if there is a nozzle or pipe break, it can cause extensive water damage. These types of systems are also called closed head systems.

Question 36

Q

Explanations: The Planning Process

Answer

A

Okay, so what are we doing and why?Response: We have no idea.

Question 37

Q

Bullets: Class IV

Answer

A

Restricted access; this includes a prison entrance that is monitored either in person or via closed circuitry

Question 38

Q

Explanations: Heat Activated

Answer

A

Heat-activated detectors can be configured to sound an alarm either when a predefined temperature (fixed temperature) is reached or when the temperature increases over a period of time (rate-of-rise). Rate-of-rise temperature sensors usually provide a quicker warning than fixed-temperature sensors because they are more sensitive, but they can also cause more false alarms. The sensors can either be spaced uniformly throughout a facility, or implemented in a line type of installation, which is operated by a heat-sensitive cable.

Question 39

Q

Explanations: Ventilation

Answer

A

Can I smoke in the server room?Response: Security!

Question 40

Q

Explanations: Electric Power

Answer

A

We don’t need no stinkin’ power supply. Just rub these two sticks together.

Question 41

Q

Emphasis: PIDAS Fencing

Answer

A

PIDAS FencingPerimeter Intrusion Detection and Assessment System (PIDAS) is a type of fencing that has sensors located on the wire mesh and at the base of the fence. It is used to detect if someone attempts to cut or climb the fence. It has a passive cable vibration sensor that sets off an alarm if an intrusion is detected. PIDAS is very sensitive and can cause many false alarms.

Question 42

Q

Emphasis: capacitance detector

Answer

A

A proximity detector, or capacitance detector, emits a measurable magnetic field. The detector monitors this magnetic field, and an alarm sounds if the field is disrupted. These devices are usually used to protect specific objects (artwork, cabinets, or a safe) versus protecting a whole room or area. Capacitance change in an electrostatic field can be used to catch a bad guy, but first you need to understand what capacitance change means. An electrostatic IDS creates an electrostatic magnetic field, which is just an electric field associated with static electric charges. All objects have a static electric charge. They are all made up of many subatomic particles, and when everything is stable and static, these particles constitute one holistic electric charge. This means there is a balance between the electric capacitance and inductance. Now, if an intruder enters the area, his subatomic particles will mess up this lovely balance in the electrostatic field, causing a capacitance change, and an alarm will sound. So if you want to rob a company that uses these types of detectors, leave the subatomic particles that make up your body at home.

Question 43

Q

Emphasis: blackout

Answer

A

Blackout A blackout is when the voltage drops to zero. This can be caused by lightning, a car taking out a power line, storms, or failure to pay the power bill. It can last for seconds or days. This is when a backup power source is required for business continuity.

Question 44

Q

Bullets: Access control mechanisms

Answer

A

Locks and keys, an electronic card access system, personnel awareness

Question 45

Q

Bullets: Reduction of damage through the use of delaying mechanisms

Answer

A

Layers of defenses that slow down the adversary, such as locks, security personnel, and barriers

Question 46

Q

Emphasis: Patrol Force and Guards

Answer

A

Patrol Force and GuardsOne of the best security mechanisms is a security guard and/or a patrol force to monitor a facility’s grounds. This type of security control is more flexible than other security mechanisms, provides good response to suspicious activities, and works as a great deterrent. However, it can be a costly endeavor, because it requires a salary, benefits, and time off. People sometimes are unreliable. Screening and bonding is an important part of selecting a security guard, but this only provides a certain level of assurance. One issue is if the security guard decides to make exceptions for people who do not follow the organization’s approved policies. Because basic human nature is to trust and help people, a seemingly innocent favor can put an organization at risk.

Question 47

Q

Emphasis: facility safety officer

Answer

A

Every organization should have a facility safety officer, whose main job is to understand all the components that make up the facility and what the company needs to do to protect its assets and stay within compliance. This person should oversee facility management duties day in and day out, but should also be heavily involved with the team that has been organized to evaluate the organization’s physical security program.

Question 48

Q

Emphasis: Heavy timber construction material

Answer

A

Heavy timber construction material is commonly used for office buildings. Combustible lumber is still used in this type of construction, but there are requirements on the thickness and composition of the materials to provide more protection from fire. The construction materials must be at least four inches in thickness. Denser woods are used and are fastened with metal bolts and plates. Whereas light frame construction material has a fire survival rate of 30 minutes, the heavy timber construction material has a fire rate of one hour.

Question 49

Q

Emphasis: Star Trek

Answer

A

These access cards can be used with user-activated readers, which just means the user actually has to do something—swipe the card or enter a PIN. System sensing access control readers, also called transponders, recognize the presence of an approaching object within a specific area. This type of system does not require the user to swipe the card through the reader. The reader sends out interrogating signals and obtains the access code from the card without the user having to do anything. Spooky Star Trek magic.

Question 50

Q

Bullets: Manmade threats

Answer

A

Unauthorized access (both internal and external), explosions, damage by disgruntled employees, employee errors and accidents, vandalism, fraud, theft, and others

Question 51

Q

Explanation Bullets: So, before an effective physical security program can be rolled out, the following steps must be taken:

Answer

A

Identify a team of internal employees and/or external consultants who will build the physical security program through the following steps.
Carry out a risk analysis to identify the vulnerabilities and threats and to calculate the business impact of each threat.
Identify regulatory and legal requirements that the organization must meet and maintain.
Work with management to define an acceptable risk level for the physical security program.
Derive the required performance baselines from the acceptable risk level.
Create countermeasure performance metrics.
Develop criteria from the results of the analysis, outlining the level of protection and performance required for the following categories of the security program:
Deterrence
Delaying
Detection
Assessment
Response
Identify and implement countermeasures for each program category.
Continuously evaluate countermeasures against the set baselines to ensure the acceptable risk level is not exceeded.

Question 52

Q

Explanations: Protecting Assets

Answer

A

The main threats that physical security components combat are theft, interruptions to services, physical damage, compromised system and environment integrity, and unauthorized access.

Question 53

Q

Emphasis: Electromechanical systems

Answer

A

Electromechanical systems work by detecting a change or break in a circuit. The electrical circuits can be strips of foil embedded in or connected to windows. If the window breaks, the foil strip breaks, which sounds an alarm. Vibration detectors can detect movement on walls, screens, ceilings, and floors when the fine wires embedded within the structure are broken. Magnetic contact switches can be installed on windows and doors. If the contacts are separated because the window or door is opened, an alarm will sound.

Question 54

Q

Explanations: Preventive Measures and Good Practices

Answer

A

Don’t stand in a pool of water with a live electrical wire.Response: Hold on, I need to write that one down.

Question 55

Q

Preventive Steps Against Static Electricity : The following are some simple measures to prevent static electricity:

Answer

A

Use antistatic flooring in data processing areas.
Ensure proper humidity.
Have proper grounding for wiring and outlets.
Don’t have carpeting in data centers, or have static-free carpets if necessary.
Wear antistatic bands when working inside computer systems.

Question 56

Q

Bullets: Security film

Answer

A

Transparent film is applied to the glass to increase its strength.

Question 57

Q

Bullets: Preaction

Answer

A

Preaction systems are similar to dry pipe systems in that the water is not held in the pipes, but is released when the pressurized air within the pipes is reduced. Once this happens, the pipes are filled with water, but it is not released right away. A thermal-fusible link on the sprinkler head has to melt before the water is released. The purpose of combining these two techniques is to give people more time to respond to false alarms or to small fires that can be handled by other means. Putting out a small fire with a handheld extinguisher is better than losing a lot of electrical equipment to water damage. These systems are usually used only in data processing environments rather than the whole building, because of the higher cost of these types of systems.

Question 58

Q

Emphasis: Introduction to Physical Security

Answer

A

Introduction to Physical SecurityThe physical security of computers and their resources in the 1960s and 1970s was not as challenging as it is today because computers were mostly mainframes that were locked away in server rooms, and only a handful of people knew what to do with them anyway. Today, a computer sits on almost every desk in every company, and access to devices and resources is spread throughout the environment. Companies have several wiring closets and server rooms, and remote and mobile users take computers and resources out of the facility. Properly protecting these computer systems, networks, facilities, and employees has become an overwhelming task to many companies.

Question 59

Q

Explanations: Window Types

Answer

A

A security professional may be involved with the planning phase of building a facility, and each of these items comes into play when constructing a secure building and environment. The following sums up the types of windows that can be used:

Question 60

Q

Explanation Bullets: Access control should be in place to control and restrict individuals from going from one security zone to the next. Access control should also be in place for all facility entrances and exits. The security program development team needs to consider other ways in which intruders can gain access to buildings, such as by climbing adjacent trees to access skylights, upper-story windows, and balconies. The following controls are commonly used for access controls within different organizations:

Answer

A

Limit the number of entry points.
Force all guests to go to a front desk and sign in before entering the environment.
Reduce the number of entry points even further after hours or during the weekend, when not as many employees are around.
Implement sidewalks and landscaping to guide the public to a main entrance.
Implement a back driveway for suppliers and deliveries, which is not easily accessible to the public.
Provide lighting for the pathways the public should follow to enter a building to help encourage that only one entry is used for access.
Implement sidewalks and grassy areas to guide vehicle traffic to only enter and exit through specific locations.
Provide parking in the front of the building (not the back or sides) so people will be directed to enter the intended entrance.

Question 61

Q

Emphasis: Electronic access control (EAC) tokens

Answer

A

NOTE Electronic access control (EAC) tokens is a generic term used to describe proximity authentication devices, such as proximity readers, programmable locks, or biometric systems, which identify and authenticate users before allowing them entrance into physically controlled areas.

Question 62

Q

Explanation Bullets: Preventive Steps Against Static Electricity

The following are some simple measures to prevent static electricity:

Answer

A

Use antistatic flooring in data processing areas.
Ensure proper humidity.
Have proper grounding for wiring and outlets.
Don’t have carpeting in data centers, or have static-free carpets if necessary.
Wear antistatic bands when working inside computer systems.

Question 63

Q

Explanations: Designing a Physical Security Program

Answer

A

Our security guards should wear pink uniforms and throw water balloons at intruders.

Question 64

Q

Emphasis: Perimeter Intrusion Detection and Assessment System (PIDAS)

Answer

A

Perimeter Intrusion Detection and Assessment System (PIDAS) is a type of fencing that has sensors located on the wire mesh and at the base of the fence. It is used to detect if someone attempts to cut or climb the fence. It has a passive cable vibration sensor that sets off an alarm if an intrusion is detected. PIDAS is very sensitive and can cause many false alarms.

Answer 65

A

Computer and Equipment RoomsIt used to be necessary to have personnel within the computer rooms for proper maintenance and operations. Today, most servers, routers, switches, mainframes, and other equipment housed in computer rooms can be controlled remotely. This enables computers to live in rooms that have fewer people milling around and spilling coffee. Because the computer rooms no longer have personnel sitting and working in them for long periods, the rooms can be constructed in a manner that is efficient for equipment instead of people.

Answer 66

A

Fire detection systems can be configured to call the local fire station, and possibly the police station, to report a detected fire. The system plays a prerecorded message that gives the necessary information so officials can properly prepare for the stated emergency and arrive at the right location. A recording of someone screaming “We are all melting” would not be helpful to fire officials.

Answer 67

A

Fire Resistant RatingsFire resistant ratings are the result of tests carried out in laboratories using specific configurations of environmental settings. The American Society for Testing and Materials (ASTM) is the organization that creates the standards that dictate how these tests should be performed and how to properly interpret the test results. ASTM accredited testing centers carry out the evaluations in accordance with these standards and assign fire resistant ratings that are then used in federal and state fire codes. The tests evaluate the fire resistance of different types of materials in various environmental configurations. Fire resistance represents the ability of a laboratory-constructed assembly to contain a fire for a specific period of time. For example, a 5/8-inch-thick drywall sheet installed on each side of a wood stud provides a one-hour rating. If the thickness of this drywall is doubled, then this would be given a two-hour rating. The rating system is used to classify different building components.

Answer 68

A

Fire suppression mechanisms, emergency response processes, law enforcement notification, and consultation with outside security professionals

Answer 69

A

Wiring and cables are strung through plenum areas, such as the space above dropped ceilings, the space in wall cavities, and the space under raised floors. Plenum areas should have fire detectors. Also, only plenum-rated cabling should be used in plenum areas, which is cabling that is made out of material that does not let off hazardous gases if it burns.

Answer 70

A

Proximity protection components are usually put into place to provide one or more of the following services:

Answer 71

A

Block access to disk drives or unused serial or parallel ports

Answer 72

A

Electromagnetic or frequency interference that disrupts the power flow and can cause fluctuations

Answer 73

A

A type of plastic instead of glass. Polycarbonate acrylics are stronger than regular acrylics.

Answer 74

A

Surveillance DevicesUsually, installing fences and lights does not provide the necessary level of protection a company needs to protect its facility, equipment, and employees. Areas need to be under surveillance so improper actions are noticed and taken care of before damage occurs. Surveillance can happen through visual detection or through devices that use sophisticated means of detecting abnormal behavior or unwanted conditions. It is important that every organization have a proper mix of lighting, security personnel, IDSs, and surveillance technologies and techniques.

Answer 75

A

It is important for a company not only to choose the right type of lock for the right purpose, but also to follow proper maintenance and procedures. Keys should be assigned by facility management, and this assignment should be documented. Procedures should be written out detailing how keys are to be assigned, inventoried, and destroyed when necessary, and what should happen if and when keys are lost. Someone on the company’s facility management team should be assigned the responsibility of overseeing key and combination maintenance.

Answer 76

A

Equipment
Flooring
Walls
Computers
Facility foundations

Answer 77

A

Pick resistance protection through many different mechanisms (only used in grade 1 and 2 locks)

Answer 78

A

Acrylic glass can be made out of polycarbonate acrylic, which is stronger than standard glass but produces toxic fumes if burned. Polycarbonate acrylics are stronger than regular acrylics, but both are made out of a type of transparent plastic. Because of their combustibility, their use may be prohibited by fire codes. The strongest window material is glass-clad polycarbonate. It is resistant to a wide range of threats (fire, chemical, breakage), but, of course, is much more expensive. These types of windows would be used in areas that are under the greatest threat.

Answer 79

A

Fences, security guards, warning signs, and so forth

Answer 80

A

How about if I just spit on the fire?Response: I’m sure that will work just fine.

Answer 81

A

Physical access control systems can use software and auditing features to produce audit trails or access logs pertaining to access attempts. The following information should be logged and reviewed:

Answer 82

A

Wave-pattern motion detectors differ in the frequency of the waves they monitor. The different frequencies are microwave, ultrasonic, and low frequency. All of these devices generate a wave pattern that is sent over a sensitive area and reflected back to a receiver. If the pattern is returned undisturbed, the device does nothing. If the pattern returns altered because something in the room is moving, an alarm sounds.

Answer 83

A

• Fences eight feet high (possibly with strands of barbed or razor wire at the top) means you are serious about protecting your property. They often deter the more determined intruder.

Answer 84

A

Electric power enables us to be productive and functional in many different ways, but if it is not installed, monitored, and respected properly, it can do us great harm.

Answer 85

A

Momentary low-voltage condition, from one cycle to a few seconds

Answer 86

A

This place is so nice and pretty and welcoming. No one would want to carry out crimes here.

Answer 87

A

If an individual is under duress and/or held hostage, a combination he enters can communicate this situation to the guard station and/or police station.

Answer 88

A

I can’t see the building.Response: That’s the whole idea.

Answer 89

A

Facility Access ControlAccess control needs to be enforced through physical and technical components when it comes to physical security. Physical access controls use mechanisms to identify individuals who are attempting to enter a facility or area. They make sure the right individuals get in and the wrong individuals stay out, and provide an audit trail of these actions. Having personnel within sensitive areas is one of the best security controls because they can personally detect suspicious behavior. However, they need to be trained on what activity is considered suspicious and how to report such activity.

Answer 90

A

The date and time of the access attempt
The entry point at which access was attempted
The user ID employed when access was attempted
Any unsuccessful access attempts, especially if during unauthorized hours

Answer 91

A

Vault doors
Personnel doors
Industrial doors
Vehicle access doors
Bullet-resistant doors

Answer 92

A

Entry PointsUnderstanding the company needs and types of entry points for a specific building is critical. The various types of entry points may include doors, windows, roof access, fire escapes, chimneys, and service delivery access points. Second and third entry points must also be considered, such as internal doors that lead into other portions of the building and to exterior doors, elevators, and stairwells. Windows at the ground level should be fortified, because they could be easily broken. Fire escapes, stairwells to the roof, and chimneys are many times overlooked as potential entry points.

Answer 93

A

A mesh of wire is embedded between two sheets of glass. This wire helps prevent the glass from shattering.

Answer 94

A

The third CPTED strategy is natural territorial reinforcement, which creates physical designs that emphasize or extend the company’s physical sphere of influence so legitimate users feel a sense of ownership of that space. Territorial reinforcement can be implemented through the use of walls, fences, landscaping, light fixtures, flags, clearly marked addresses, and decorative sidewalks. The goal of territorial reinforcement is to create a sense of a dedicated community. Companies implement these elements so employees feel proud of their environment and have a sense of belonging, which they will defend if required to do so. These elements are also implemented to give potential offenders the impression that they do not belong there, that their activities are at risk of being observed, and that their illegal activities will not be tolerated or ignored.

Answer 95

A

Surge A surge is a prolonged rise in voltage from a power source. Surges can cause a lot of damage very quickly. A surge is one of the most common power problems and is controlled with surge protectors. These protectors use a device called a metal oxide varistor, which moves the excess voltage to ground when a surge occurs. Its source can be from a strong lightning strike, a power plant going online or offline, a shift in the commercial utility power grid, and electrical equipment within a business starting and stopping. Most computers have a built-in surge protector in their power supplies, but these are baby surge protectors and cannot provide protection against the damage that larger surges (say, from storms) can cause. So, you need to ensure all devices are properly plugged into larger surge protectors, whose only job is to absorb any extra current before it is passed to electrical devices.

Answer 96

A

An apartment complex does not respond to a report of a broken lock on a sliding glass door, and subsequently a woman who lives in that apartment is raped by an intruder.
Bushes are growing too close to an ATM, allowing criminals to hide behind them and attack individuals as they withdraw money from their accounts.
A portion of an underground garage is unlit, which allows an attacker to sit and wait for an employee who works late.
A gas station’s outside restroom has a broken lock, which allows an attacker to enter after a female customer and kill her.
A convenience store hangs too many advertising signs and posters on the exterior windows, prompting thieves to choose this store because the signs hide any crimes taking place inside the store from people driving or walking by.
Backup tapes containing sensitive information are lost during the process of moving from an on-site to an off-site facility.
A laptop containing Social Security numbers and individuals’ financial information is stolen from an employee’s car.
A malicious camera is installed at an ATM station, which allows a hacker to view and capture people’s ATM PIN values.
Bollards are not implemented in high foot traffic areas outside of a retail store and someone driving a car accidently swerves his car and injures some pedestrians.
A company builds an office building that does not follow fire codes. A fire takes place and some people are trapped and cannot escape the fire.

Answer 97

A

A deluge system has its sprinkler heads wide open to allow a larger volume of water to be released in a shorter period. Because the water being released is in such large volumes, these systems are usually not used in data processing environments.

Answer 98

A

If a door is held open for a given time, an alarm will trigger to alert personnel of suspicious activity.

Answer 99

A

No pick or drill resistance provided (can fall within any of the three grades of locks)

Answer 100

A

Control pedestrian and vehicle traffic flows
Various levels of protection for different security zones
Buffers and delaying mechanisms to protect against forced entry attempts
Limit and control entry points

Answer 101

A

Lock bumping is a tactic that intruders can use to force the pins in a tumbler lock to their open position by using a special key called a bump key. The stronger the material that makes up the lock, the smaller the chance that this type of lock attack would be successful.

Answer 102

A

Fire suppression is the use of a suppression agent to put out a fire. Fire suppression can take place manually through handheld portable extinguishers, or through automated systems such as water sprinkler systems, or halon or CO2 discharge systems. The upcoming “Fire Suppression” section reviews the different types of suppression agents and where they are best used. Automatic sprinkler systems are widely used and highly effective in protecting buildings and their contents. When deciding upon the type of fire suppression systems to install, a company needs to evaluate many factors, including an estimate of the occurrence rate of a possible fire, the amount of damage that could result, the types of fires that would most likely take place, and the types of suppression systems to choose from.

Answer 103

A

The pathway to the earth to enable excessive voltage to dissipate

Answer 104

A

Provides extra security by being tinted and offers extra strength due to the film’s material.

Answer 105

A

To detect, assess, and/or identify intruders

Answer 106

A

A specific combination can be programmed for use in emergency situations to override normal procedures or for supervisory overrides.

Answer 107

A

The plastic layer between two outer glass layers. The plastic layer helps increase its strength against breakage.

Answer 108

A

CPTED also encourages activity support, which is planned activities for the areas to be protected. These activities are designed to get people to work together to increase the overall awareness of acceptable and unacceptable activities in the area. The activities could be neighborhood watch groups, company barbeques, block parties, or civic meetings. This strategy is sometimes the reason for particular placement of basketball courts, soccer fields, or baseball fields in open parks. The increased activity will hopefully keep the bad guys from milling around doing things the community does not welcome.

Answer 109

A

Smoke detectors, motion detectors, CCTV, and so forth

Answer 110

A

A degree of pick resistance protection provided (uses tighter and more complex keyways [notch combination]; can fall within any of the three grades of locks)

Answer 111

A

The load (how much weight can be held) of a building’s walls, floors, and ceilings needs to be estimated and projected to ensure the building will not collapse in different situations. In most cases, this is dictated by local building codes. The walls, ceilings, and floors must contain the necessary materials to meet the required fire rating and to protect against water damage. The windows (interior and exterior) may need to provide ultraviolet (UV) protection, may need to be shatterproof, or may need to be translucent or opaque, depending on the placement of the window and the contents of the building. The doors (exterior and interior) may need to have directional openings, have the same fire rating as the surrounding walls, prohibit forcible entries, display emergency egress markings, and—depending on placement—have monitoring and attached alarms. In most buildings, raised floors are used to hide and protect wires and pipes, and it is important to ensure any raised outlets are properly grounded.

Answer 112

A

Floods, earthquakes, storms and tornadoes, fires, extreme temperature conditions, and so forth

Answer 113

A

Prolonged power supply that is below normal voltage

Answer 114

A

Inventory all laptops, including serial numbers, so they can be properly identified if recovered.
Harden the operating system.
Password-protect the BIOS.
Register all laptops with the vendor, and file a report when one is stolen. If a stolen laptop is sent in for repairs, after it is stolen it will be flagged by the vendor.
Do not check a laptop as luggage when flying.
Never leave a laptop unattended, and carry it in a nondescript carrying case.
Engrave the laptop with a symbol or number for proper identification.
Use a slot lock with a cable to connect a laptop to a stationary object.
Back up the data from the laptop and store it on a stationary PC or backup media.
Use specialized safes if storing laptops in vehicles.
Encrypt all sensitive data.

Answer 115

A

When selecting a location for a facility, some of the following items are critical to the decision-making process:

Answer 116

A

Improper environmental controls can cause damage to services, hardware, and lives. Interruption of some services can cause unpredicted and unfortunate results. Power, heating, ventilation, air-conditioning, and air-quality controls can be complex and contain many variables. They all need to be operating properly and to be monitored regularly.

Answer 117

A

Wiring and cables are strung through plenum areas, such as the space above dropped ceilings, the space in wall cavities, and the space under raised floors. Plenum areas should have fire detectors. Also, only plenum-rated cabling should be used in plenum areas, which is cabling that is made out of material that does not let off hazardous gases if it burns.

Answer 118

A

Fences, gates, walls, doors, windows, protected vents, vehicular barriers

Answer 119

A

Crime Prevention Through Environmental Design (CPTED) is a discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. It provides guidance in loss and crime prevention through proper facility construction and environmental components and procedures.

Answer 120

A

Secure the system to a stationary component by the use of steel cable that is connected to a bracket mounted in a spare expansion slot

Answer 121

A

Cipher locks, also known as programmable locks, are keyless and use keypads to control access into an area or facility. The lock requires a specific combination to be entered into the keypad and possibly a swipe card. They cost more than traditional locks, but their combinations can be changed, specific combination sequence values can be locked out, and personnel who are in trouble or under duress can enter a specific code that will open the door and initiate a remote alarm at the same time. Thus, compared to traditional locks, cipher locks can provide a much higher level of security and control over who can access a facility.

Answer 122

A

Heavy-duty residential/light-duty commercial

Answer 123

A

Strikes, riots, civil disobedience, terrorist attacks, bombings, and so forth

Answer 124

A

The CPTED model shows how security zones can be created. An environment’s space should be divided into zones with different security levels, depending upon who needs to be in that zone and the associated risk. The zones can be labeled as controlled, restricted, public, or sensitive. This is conceptually similar to information classification, as described in Chapter 2. In a data classification program, different classifications are created, along with data handling procedures and the level of protection that each classification requires. The same is true of physical zones. Each zone should have a specific protection level required of it, which will help dictate the types of controls that should be put into place.

Answer 125

A

Prevent the removal of input/output devices by passing their cables through a lockable unit

Answer 126

A

Visual Recording DevicesBecause surveillance is based on sensory perception, surveillance devices usually work in conjunction with guards and other monitoring mechanisms to extend their capabilities and range of perception. A closed-circuit TV (CCTV) system is a commonly used monitoring device in most organizations, but before purchasing and implementing a CCTV, you need to consider several items:

Answer 127

A

Secure a keyboard by inserting an on/off switch between the system unit and the keyboard input slot

Answer 128

A

Bollards usually look like small concrete pillars outside a building. Sometimes companies try to dress them up by putting flowers or lights in them to soften the look of a protected environment. They are placed by the sides of buildings that have the most immediate threat of someone driving a vehicle through the exterior wall. They are usually placed between the facility and a parking lot and/or between the facility and a road that runs close to an exterior wall. Within the United States after September 11, 2001, many military and government institutions, which did not have bollards, hauled in huge boulders to surround and protect sensitive buildings. They provided the same type of protection that bollards would provide. These were not overly attractive, but provided the sense that the government was serious about protecting those facilities.

Answer 129

A

Under raised floors

* On dropped ceilings

Brainscape's Knowledge GenomeTM

CHAPTER 5_Physical and Environmental Security Flashcards

Brainscape's Knowledge Genome^TM