Domain 4: Physical (Environment) Security Flashcards
What is a Mantrap?
A Preventive physical control with two doors; each door requires a separate form of authentication to open.
What is a Bollard?
A post designed to stop a car, typically deployed in front of a building entrance.
What is a Tailgating?
Following an authorized person into a building without providing credentials.
What is a Smart Card?
A physical access control device containing an integrated circuit.
What is the paramount concern for teh physical and environmental domain and trumps all other considerations?
Physical Safety of people
What is the purpose of perimeter defense?
The help prevent, detect and correct unauthorized physical access.
What is defense in depth?
Any one defense may fail so critical assets should have multiple physical security controls
Name four Physical “Defense in depth” measures.
Fences
Doors
Walls
Locks
What tytpe of controls do fences facilitate?
Can range from simple deterrents to preventive devices
What is the design purpose of a fence?
Design them to steer ingress and egress to controlled points
What are the four Classes of Gates?
I: Residential (Home Use); ornamental; deterrence
II: Commercial / General Use (Parking Grarge)
III: Industrial / Limited Access (Loading dock)
IV: Restricted Access (Prison)
Where should a gate go on the perimeter?
Gates should be placed at controlled points at the perimeter.
How do you steer people to a gate?
Secure sites use fences and topography to steer traffic to these points.
What type of control is a light?
Detective
and
Deterrent
What is a lumen?
Lumen: the amount of light one candle creates
How did we historoically measure Light ?
Light was historically measured in foot candles
How is a lumen measured?
One lumen = on lumen per square foot
What light unit measurement is replacing the Lumen?
Lux
What is a Lux equal to?
Lux = one lumen per square meter
What does CCTV stand for?
CCTV (Closed Circuit Television):
What type of control is a CCTV (Closed Circuit Television)?
Detective
What is a ;imitation of CCTV (Closed Circuit Television)?
Uses the normal light spectrum and requires sufficient visibility to illuminate the field of vision
What type of CCTV (Closed Circuit Television) system allows you to see in the dark by seeing heat
Infrared
Older tube cameras in CCTV (Closed Circuit Television) systems are analog or digital?
Analog
MModern CCTV (Closed Circuit Television) systems use what kind of cameras?
Digital Charged Couple Discharge cameras
What does the acronym, CCD, stand for in regard to CCTV (Closed Circuit Television) systems?
Charged Couple Discharge cameras which are digital
What does the mechanical irise in a cmera do?
Act as human irises; controlling the amount of light that enters the lens by changing the size of the aperture.
Is the aperture larger or smaller at low light conditions?
The aperture is larger at low light conditions
In regards to CCTV systems, what is Depth of Field?
Depth of Field: the area in focus
In regards to CCTV systems, what is Field of View?
Field of View: the entire area viewed by the camera
In regards to CCTV systems, what does more light make possible?
Smaller aperture
Larger Depth of Field (more of the image in focus)
In regards to CCTV systems, how does low light affect the system?
Wide aperture used is low light conditions
lowers depth of field (smaller area of focus)
In regards to CCTV systems, what does Pan do?
Pan: move horizontally
In regards to CCTV systems, what does Tilt do?
Tilt: move vertically
In regards to CCTV systems, what are the three typical views you can get?
Fixed: one camera
Autoscan: show one for a few seconds and then show a different camer
Multiplexing: multiple camera feeds on one display
In regards to CCTV systems, what are the three typical vstorage systems?
Magnetic Tape (VHS) for tube cameras
DVR (Digital Video Recorder) for digital cameras
NVR (Network Video Recorder)
In regards to CCTV systems, what does DVR stand for?
DVR (Digital Video Recorder) for digital cameras
In regards to CCTV systems, what does NVR stand for?
NVR (Network Video Recorder)
In regards to CCTV systems, what is the advantage of DVR (Digital Video Recorders) over NVRs (network Video Recoders)?
NVR has the advantage for centralized storage of all video.
What is the difference between CRTs (Cathode Ray Tube) cameras and CRT displays.
CRT Tube Cameras are older model cameras and CRT displays project images on a screen.
What type of control is a lock?
Preventative
Name the three types of locks.
Mechanical
Electronic
Combination
What is one limitation to key locks?
Keys can be shared or copied which lowers the accountability of key locks
How does a key lock work?
Inserting the correct key makes the pins align with the Shear Line allowing the lock tumbler (Plug) to turn.
How does a warded lock work?
Uses a set of obstructions, or wards,
to prevent the lock from opening unless the correct key is inserted.
The correct key has notches or slots corresponding to the obstructions in the lock, allowing it to rotate freely inside the lock.
What is a limitation to a warded lock?
a well-designed skeleton key can successfully open a wide variety of warded locks.
How does a Spring Bolt / Dead Bolt lock work?
A locking mechanism that automatically “springs” in and out of the strike plate of the door jamb.
A locking mechanism that mechanically rotates in and out of the strike plate of the door jamb.
With a spring bolt exposed, can you close the door?
Yes
With a dead bolt exposed, can you close the door?
No
What is lock picking?
The art of opening a lock without a key
How are lock picks used?
Lock Picks can be used to lift the pins in a pin tumbler lock
What is lock Bumping:?
Lock Bumping: Use a shaved down key that will fit into the lock. Attacker fits the key into the lock and whacks it a few times to cause the pins to jump and the attacker quickly turns the key and opens the lock.
can all locks be picked or bumped?
All locks can be picked or bumped. The question is how long will it take.
What is a Master Key?
The master key opens all locks in a given zone.
What is a Core Key?
The core key is used to remove the lock core in interchangeable locks.
Name three controls you can use to protect the Master Key and the Core Key.
1: Keep the key in a secure place
2: Only allow a few critical employees access
3: Accountability
Name four limitations to combination locks?
1: Limited accountability due to shared combinations.
2: Prolonged use of Buttons or keypads can cause wear on the most used buttons.
3: Prone to brute force attack
4: Prone to shoulder surfing
Name three uses for Smart Cards?
1: Keys for electronics locks
2: credit card purchases (many international cards)
3: Dual-factor authentication systems.
What does the “Smart” mean in Smart Cards?
“Smart” means that card contains a computer circuit
What is another name for Smart Cards?
Also called Integrated Circuit cards (ICC)
IN regards to Smart Cards, what does ICC stand for?
Integrated Circuit cards (ICC)
In regards to Smart Cards, what are two methods for communicating witht electronic locks ?
1: Contact (where the card must be inserted)
2: Contactless (wirelessly)
In regards to Contactless Smart Cards, what is one technology example?
Radio Frequency Identification (RFID)
In regards to Contactless Smart Cards, how does Radio Frequencey Identification (RFID) work?
1: Cards contain RFID Tags (Transponders)
2: Read by RDIF transceivers
What are Smart Cards used for?
Used in combination electronic locks to provide physical access control
Whay are Smart Cards better than mechanical locks?
better then mechanical locks because of audit capability
What is the difference between a Smart Cards and a Magnetic Stripe card?
The stripe in a magnetic stripe card is passive; read only.
In regard to Smart Card systems. what is the Common Access Card (CAC)?
A multipurpose Smart Card deployed by the US Department of Defense.
In regard to Smart Card systems. what does CAC stand for?
Common Access Card
In regard to Smart Card systems. name the three functions of the DOD Common Access Card
1: physical access control
2: dual-factor authentication
3: Digitally signing documents
In regard to Smart Card systems. how does the DOD Common Access Card work?
Stores cryptographic certificates as part of the DOD’s Public Key Infrastructure (PKI)
What is Tailgating/Piggybacking
An unauthorized person follows an authorized person into the building after the authorized person unlocks the door.
In regards toTailgating/Piggybacking, what is one example of using Social Engineering to improve the success rate?
Added social engineering element (carrying large boxes) may aid the attacker
What type of control is a Mantrap?
A preventive physical control
What is a Mantrap?
A preventive physical control with two doors.
The first door must close and lock before the second door can open
Each door requires a separate form of authentication
What is a turnstile designed to do?
Designed to prevent tailgating
What is the most important design characteristics in a turnstile and a mantrap?
Both must be designed to allow safe egress during emergencies
Name two things that you can use Contraband Checks for
Used to detect incoming metals, weapons, explosives and illegal drugs.
Used to detect outgoing sensitive data
Example: Port Blocking
In regards to motion detectors, how do Ultrasonic and Microwave systems work
like Doppler radar
A wave of energy is sent out and the echo is returned. If an echo returns more quickly then it normally does, that indicates something has stepped in front of the sensor.
In regards to motion detectors, how does Photoelectric systems work?
Sends a beam of light across a monitored space to a sensor. If the beam is broken, the sensor alerts.
In regards to motion detectors,
What is the common characteristic of Ultrasonic, Microwave and Photoelectric sensors
They are all active sensors; they actively send energy.
In regards to motion detectors,
What is one example of a passive sensor?
Passive Inared (PIR): detects energy created by the human body.
In regards to motion detectors,
What does PIR stand for?
Passive Inared (PIR): detects energy created by the human body.
In regards to motion detectors,
What is the difference between physical intrusion detection and network intrusion detection?
Motion Detectors provide physical Intrusion Detection.
Network Intrusion Detection detect attacks on the network.
In regards to perimeter alarms,
How doe Magnetic door and window alarms work?
They include matched pairs of sensors on the device that an electric circuit flows through. If the circuit is broken, the alarm sounds.
In regards to perimeter defense of doors,
Name five design charateristics
1: Door hinges should face inward
2: Egress must be unimpeded during emergencies
3: No gaps in the door
4: Doors with motion sensors should not have mail slots
5: Externally-facing emergency doors should be marked for Emergency Use Only and equipped with panic bars that alarm if anybody opens them.
In regards to perimeter defense of Walls and Ceilings,
Name four design charateristics
1: Internal motion sensors should be bolted securely to a fixed sturdy ceiling or wall to prevent an attacker to cause it to move
2: Should be slab-to-slab.
3: Should be strong enough to resist cutting (Sheetrock – gypsum can be easily cut)
4; Fire Rating: The amount of time required to fail due to a fire not less than one hour
In regards to perimeter defense of glass windows and doors,
what type of control should be in place?
compensating control.
In regards to perimeter defense of glass windows and doors,
Name five types of compensating control materials that you might consider
1: Bullet proof
2: Explosive-resistant
3: Wire mesh
4: Polycarbonate (Lexan)
5: Acrylic (Plexiglass)
In regards to perimeter defense of glass windows and doors,
Name five types of compensating control materials that you might consider
1: Bullet proof
2: Explosive-resistant
3: Wire mesh
4: Polycarbonate (Lexan)
5: Acrylic (Plexiglass)
In regards to perimeter defense of Walls and Ceilings,
what is a fire rating?
The amount of time required to fail due to a fire
In regards to perimeter defense of Walls and Ceilings,
what is The National Fire Protection Agency (NFPA) 75?
Standard for the Protection of Information Technology Equipment
In regards to perimeter defense of Walls and Ceilings,
what is the Standard for the Protection of Information Technology Equipment
The National Fire Protection Agency (NFPA) 75
In regards to perimeter defense,
what are the six Access Control types?
1: Preventive
2: Detective
3: Corrective
4: Recovery
5: Deterrent
6: Compensating
In regards to perimeter defense,
name four things that a guad does
1: Inspection of Access Credentials
2: Monitoring of CCTVs
3: Monitoring of Environmental Controls
4: Incident response
In regards to perimeter defense,
what is the difference between a d professional guard and a non-professional guard?
Professional Guards have attended advanced training
In regards to perimeter defense,
what is Pseudo Guard?
Pseudo Guard means an unarmed guard.
In regards to perimeter defense,
how do you ensure that teh guard is doing what needs to be done?
Guard orders should be complete and clear and trained routinely.
In regards to perimeter defense,
what is a guard dog good for?
Perimeter Defense guarding rigid turf.
In regards to perimeter defense,
what type of control is a guard dog ?
Deterrent and Detective
In regards to perimeter defense,
what is a risk to using guard dogs?
Legal Liability.
In regards to perimeter defense,
name two methods of restricting areas
1: Areas may be restricted by space (authorized personnel Only)
2: Areas may be restricted by time
In regards to perimeter defense,
name three examples of how to restrict by time
1: Electronic badges automatically expire
2: Printing the valid date in bold on the badge
3: Using different colored badges for different days of the week
When building a secure facility, what are the three steps?
1: Site Selection
2: Design
3: Configuration
What is the most important characteristic to remember when building a secure facility?
Physical safety of personnel is the top priority for every decision.
In regards to Site Selectrion Issues,
what does greenfield mean?
(undeveloped land) process of choosing a site to construct a building.
In regards to Site Selectrion Issues,
what does topography mean?
The physical shape of the land.
In regards to physical securityi design Issues,
name two things you can use topography for?
1: Steer ingress and egress to controlled points
2: Alter the topography as a defensive measure
In regards to physical securityi configuration Issues,
name two things you can to conrol for power outages
1: Uninterruptable Power supplies for short term power failure
2: Generators for longer term power failure.
In regards to physical securityi design Issues,
should you consider crime rates?
yes
In regards to physical securityi design Issues,
can design compensate for poor site selection?
No
In regards to physical security design Issues,
should you externally mark your data center or make it obvious who owns it and what the purpose of the facility is?
No
In regards to physical security design Issues,
Why is shared tanancy a problem?
Weakens your defenses because you are that mercy of your neighbor.
In regards to physical security design Issues,
name three specific weknesses for for shared tanancy relatinship.
1: Shared Wall may act as a launch point to attack critical areas.
2: Wireless attacks and wireless interference.
3: Shared Demarc
In regards to physical security design Issues,
What is a Shared Demarc?
Most buildings have one entry point where power and internet come into the building.
In regards to physical security design Issues,
What is the main problem with Shared Demarcs?
Access to the Demarc areas allows attacks on CIA of all circuits.
In regards to physical security design Issues,
Name three controls to deploy for Shared Demarcs?
1: Strong physical access control including authenticating and authorizing all access.
2: Accountability controls should be built to reconstruct any event.
3: For very secure sites, construct multiple segregated demarks.
In regards to system defense Issues,
assuming the attacker has physical access to a device, what controls can you deploy to mitigate the risk?
1: Asset Tracking
2: Port Controls
3: Drive and Tape Encryption
4: Offsite Media Storage
5: Media Cleaning and Destruction
In regards to system defense Issues,
name three characteristics of a detailed asset tracking system
1: Support regulatory compliance by identifying where all regulated data is in a system.
2: Show exactly where equipment and data resides for Terminated employees
3: Track serial numbers and model numbers
In regards to system defense Issues,
when should you encrypt data?
Recommended for all mobile and media containing sensitive information which may leave a site
May also be used for static systems which do not move.
In regards to system defense Issues,
why is Whole-disk encryption for mobile device hard drives recommended?
Partially encrypted solutions, Encrypted File Folders or partitions often run the risk of exposing sensitive data stored in temp files.
In regards to system defense Issues,
Can Disk encryption can occur in hardware and software
Yes
In regards to system defense Issues,
Why is encrypting PII a good idea?
Many breach notification laws concerning PII contain exclusions for lost data that is encrypted.
In regards to system defense Issues,
Is encrypting only a good idea for certain industries?
No - it is critical to highlight the importance of encrypting PII on mobile devices regardless of industry.
In regards to system defense Issues,
where should you store backups of sensitive data
offsite
In regards to system defense Issues,
If you outsource Media Storage and Transportation, Name two characteristics that the firm should posess
1: Bonded and insured
2: Emploies secure vehicles and secure facilities.
In regards to system defense Issues,
What is a key characteristic of an offsite storage location?
Ensure the storage site is will not be impacted by the same disasters as the primary site.
In regards to system defense Issues,
What is Media Cleaning and Destruction?
Prevent Object Reuse by securely cleaning or destroying all forms of media.
In regards to system defense Issues,
What types of Media need Cleaning and Destruction?
physical (paper) or electronic.
In regards to system defense Issues,
What is Dumpster Diving?
Dumpster Diving is searching for information by rummaging through unsecured trash.
In regards to system defense Issues,
Should Media Cleaning and Destruction follow a formal policy?
Yes
In regards to system defense Issues,
During Media Cleaning and Destruction activities, name 4 items to track in order to Document all activity?
1; Log serial numbers of any hard drives,
2: Log the data they contained
3: Log the date of cleaning or destruction
4: Log the name of the person performing these actions.
In regards to system defense Issues,
What does a paper shredder do?
Cuts paper to prevent reuse
In regards to system defense Issues,
What does a Strip-Cut paper shredder do?
cuts paper into vertical strips
In regards to system defense Issues,
What does a Cross-Cut paper shredder do?
cuts bot horizontally and vertically.
In regards to system defense Issues,
What is more secure: a Cross-Cut paper shredder or a Strip-Cut paper shredder?
Cross-Cut paper shredder
In regards to system defense Issues,
Are paper shredders guarnateed to prevent reuse?
No - Given enough time, attackers can recover shredded documents.
In regards to system defense Issues,
Does deleting a file destroy the infomration completely?
No - Deleting a file removes the entry from the File Allocation Table (FAT) and marks the data blocks as unallocated, but the data is still there until overwritten.
In regards to system defense Issues,
Does Reformatting a disk destroy the infomration completely?
No - Reformatting a disk destroys the old FAT and replaces it with a new one, but the data is still there.
In regards to system defense Issues,
what is Data Remanence
Data Remanence: there are “remnants “of data left behind.
In regards to system defense Issues,
what is Overwriting?
Overwriting writes over every character of a file or an entire disk drive.
In regards to system defense Issues,
what is Electronic Shredding?
Electronic Shredding (Wiping) overwrites the file’s data before removing the FAT entry.
In regards to system defense Issues,
what is another name for Electronic Shredding?
Wiping
In regards to system defense Issues,
Are there any known commercial tools which can recover data overwritten in a single pass.
No - There are no known commercial tools which can recover data overwritten in a single pass.
In regards to system defense Issues,
What are two limitation to overwriting media?
1: You cannot tell if a drive has been securely overwritten by looking at it. Errors made during the process can lead to data loss.
2: It also may be impossible to overwrite damage media.
In regards to system defense Issues,
What are Degaussing and Destruction controls used for?
Controls used to prevent object reuse attacks against magnetic media such as magnetic tape and disk drives.
In regards to system defense Issues,
How does Degaussing work?
Destroys the integrity of the magnetic media by exposing them to s a strong magnetic field; usually so damaged that a drive can no longer be formatted.
In regards to system defense Issues,
How does Destruction work?
Destroys the integrity of the media by physically destroying the media itself.
In regards to system defense Issues,
Name three methods of Destruction
1: Incineration
2: Pulverizing
3: Acid baths
In regards to system defense Issues,
Name two reasons why destruction is better than overwriting
1: It may not be possible to overwrite damaged media
2: Some magnetic media can only be written once
What is the primary purpose of environmental controls?
Designed to provide a safe environment for personnel and equipment.
In terms of environmental controls
Name the three primary controls.
1: Power
2: HVAC
3: Fire Safety
In terms of environmental controls
What is the Top priority for any data center (Selecting, building and designing)
Power
In terms of environmental controls
Name the six types of Electrical Faults.
1: Blackout: Prolonged Loss of Power
2: Brownout: Prolonged Low Voltage
3: Fault: Short Loss of Power
4: Surge: Prolonged High Voltage
5: Spike: Temporary high coltage
6: Sag: Temporary low voltage
In terms of environmental controls
What is a Blackout?
Prolonged Loss of Power
In terms of environmental controls
What is a Brownout?
Prolonged Low Voltage
In terms of environmental controls
What is a Fault?
Short Loss of Power
In terms of environmental controls
What is a Surge?
Prolonged High Voltage
In terms of environmental controls
What is a Spike?
Temporary high Voltage
In terms of environmental controls
What is a Sag?
Temporary low voltage
In terms of environmental controls
Electrical Faules affect which compponents of Confidentiality - Integrity - Availability (CIA)
Confidentiality - Integrity
In terms of environmental controls
What are the names for the two power loss electrical faults (Short and Prolonged)
1: Blackout: Prolonged Loss of Power
2: Fault: Short Loss of Power
In terms of environmental controls
What are the names for the two low voltage electrical faults (Temporary and Prolonged)
1: Brownout: Prolonged Low Voltage
2: Sag: Temporary low voltage
In terms of environmental controls
What are the names for the two high voltage electrical faults (Temporary and Prolonged)
1: Surge: Prolonged High Voltage
2: Spike: Temporary high Voltage
In terms of environmental controls
What do Surge Protectors, UPSs and Generators do?
Provide protection against electrical failures.
In terms of environmental controls
What does a Surge Protectors do?
Protects equipment from damage due to electrical surges
In terms of environmental controls
How does a surge protector work?
Contains a circuit or fuse which is tripped during a power spike or surge shorting the power or regulating it down to acceptable levels
In terms of environmental controls
what does UPS stand for?
Uninterruptible Power Supplies
In terms of environmental controls
Name three things that a UPS does?
1: Provide temp backup power in the event of a power outage
2: May also clean the power protecting against spikes and surges and other faults
3: Can be used to bridge to generator power
In terms of environmental controls
How does a UPS work?
Power is provided by battery or fuel cells
In terms of environmental controls
What is a limitation to a UPS?
Provides power for a limited time
In terms of environmental controls
What does a Generators do?
Provides power for longer outages and will run as long as fuel is available.
In terms of environmental controls
Name five design characteristics to deploy a generator
1: Store fuel onsite for the period the generator is expected to run
2: Refueling strategies should consider a disaster’s effect on fuel supply and delivery
3: Always place generators above potential floodwaters
4: Make every effort to place them in areas unlikely to be impacted by other natural disasters.
5: Make sure you do the maintenance before the disaster.
In terms of environmental controls
What is EMI (Electromagnetic Interference)
Electricity generates magnetism so any electrical conductor emits EMI.
In terms of environmental controls
What does EMI stand for?
Electromagnetic Interference
In terms of environmental controls
Name three cable types that EMI affects?
1: Circuits
2: Power Cables
3: Network Cables
In terms of environmental controls
What is crosstalk?
Poorly shielded or run too close together can cause crosstalk where magnetism form one cable crosses over to the other
In terms of environmental controls
Which compnents of Confidentiality - Integrity - Availability (CIA) does crosstalk affect?
Confidentiality
Integrity
In terms of environmental controls
Name two mitigation controls for crosstalk
1: Never route power cables close to network cables
2: Cable choice matters
In terms of environmental controls
Name four types of network cable
1: Unshielded twisted pair (UTP)
2: Shielded Twisted Pair (STP) or
3: coaxial cable
4: Fiber Optic Cable
In terms of environmental controls
Of the four types of network cable, which one is not affected by EMI?
Fiber Optic Cable
In terms of environmental controls
What does HVAC stand for?
Heating, ventilation and Air Conditioning
In terms of environmental controls
What do HVAC systems do?
Controls that keep the air at a reasonable temp and humidity.
In terms of environmental controls
How do HVAC systems work?
Closed loop; recirculating treated air; helps to reduce dust and other airborne contaminants
In terms of environmental controls
What do Positive Pressure Drains do?
Air and water are expelled from the building.
In terms of environmental controls
Name two charateristics of Positive Pressure Drains
1: Untreated air should never be inhaled into the building
2: Water should drain away from the building
In terms of environmental controls
What is a comon malfunction to a Positive Pressure Drain system?
Condensation water pooling into the building often going under raised floors undetected.
In terms of environmental controls
What should you document for a Positive Pressure Drain system?
Document the Location of all gas, water and positive drains
In terms of environmental controls
What are HVAC systems designed to do?
HVAC units are designed to maintain optimum heat and humidity levels for computers.
In terms of environmental controls
What is the recommneded hummidity level for a data center?
40-55%
In terms of environmental controls
What is the recommneded Set Point Temp for a data center?
68-77 Degrees F
20-25 Degrees C
In terms of environmental controls
What causes static?
Low humidity
In terms of environmental controls
What is static?
an electrical discharge to balance a positive and a negative electrical imbalance
In terms of environmental controls
Why is static a problem for datacenters?
Sudden static discharge can cause damage to computer equipment
In terms of environmental controls
Name five mitigation controls to reduce the risk of static.
1: Proper humidity
2: Proper grounding
3: Anti-static sprays
4: Wrist straps
5: Work Surfaces
In terms of environmental controls
Why is high humidity a problem in datacenters?
High Humidity may cause water in the air to condense onto and into equipment causing corrosion. Mitigate with
In terms of environmental controls
How do you mitigate the risk of high humidity in datacenters?
proper humidity controls
In terms of environmental controls
What are the two risks of Airborne Contaminants to datacenters?
1: Built up dust can cause overheating and static buildup.
2: Other contaminants can cause corrosion or damaging chemical reactions
In terms of environmental controls
Name two controls to mitigate the risk of Airborne Contaminants in a datacenters?
1: HVAC: Positive pressure keeps untreated air from entering the system
2: HEPA (High Efficiency Particulate Air) Filters in the HVAC system.
In terms of environmental controls
What does HEPA stand for?
HEPA (High Efficiency Particulate Air)
In terms of environmental controls
What are the three detectors of fire?
1: Heat
2: Flame
3: Smoke Detectors
In terms of environmental controls
How does a heat detector work?
May trigger when a specific temp is exceeded or when the temp change rate increases.
In terms of environmental controls
How does a flame detector work?
Detects infrared or ultra-violet light emitted in fire.
In terms of environmental controls
What is a limitation to flame detectors?
Drawback: require line-of-sight to detect; smoke alarms to don’t have this limitation.
In terms of environmental controls
What are the two types of smoke alarms?
1: Ionization
2: Photoelectric
In terms of environmental controls
How do both Ionization and Photoelectric fire alrms work?
Both alarm when smoke interrupts the radioactivity of light, lowering or blocking the electric charge.
In terms of environmental controls
How does the Ionization Smoke Alarm generate an electrical charge?
Ionization-based smoke detectors contain a small radioactive source which creates a small electrical charge.
In terms of environmental controls
How does the Photoelectric Smoke Alarm generate an electrical charge?
Photoelectric-based smoke detectors contain an LED (Light Emitting Diode) and a photoelectric sensor that generates a small charge when receiving light.
In terms of environmental controls
Is either the Photoelectric Smoke Alarm or the Ionization Smake alarm better then the other?
No
In terms of environmental controls
What is one limitation to smoke alarms?
Excessive dust may cause smoke alarms to alert.
In terms of environmental controls
Name two ways that a Fire Detector alarms
1: Locally
2: Centrally monitored by a fire alarm system.
In terms of environmental controls
Why would a Fire Detector use an audible alarm as well as flashing lights
in order to warn deaf and blind people
In terms of environmental controls
What is the difference between Safety Training and Safety Awareness
Training teaches new skill sets.
Awareness changes behavior
In terms of environmental controls
Why is Physical security training and awareness critical
because of the possible stakes: injury or loss of life.
Safety is the primary goal of all physical security controls.
In terms of environmental controls
What are two key characteristics for all Evacuation Routes
1: Establish meeting points where all people meet in the event of an emergency. These are critical so that people do not go back into a dangerous situation to rescue somebody who is actually safe at another location.
2: Special care should be given to any personnel with handicaps.
In terms of Evacuation Roles and Procedures
What does the Safety Warden do?
Ensures that all personnel safely evacuate the building in the event of an emergency or drill.
In terms of Evacuation Roles and Procedures
What does the Meeting Point Leader do?
Ensures that all personnel are accounted for.
In terms of ABCD Fires and Suppression
What does this symbol mean and how do you extinguish these kinds of fires?
Class A: Ordinary Combustibles
Common combustibles such as wood and paper
Most Common
Extinguished with water or soda acid.
In terms of ABCD Fires and Suppression
What does this symbol mean and how do you extinguish these kinds of fires?
Class B: Flammable Liquids
Burning alcohol, oil or other petroleum products such as gasoline.
Extinguished with gas or soda acid; never water.
In terms of ABCD Fires and Suppression
What does this symbol mean and how do you extinguish these kinds of fires?
Class C: Electrical Equipment
Electrical fires occur in equipment or wiring
Conductive fires
Extinguishing agent must be non-conductive (any type of gas) but not soda acid (soda acid can conduct electricity.
In terms of ABCD Fires and Suppression
What does this symbol mean and how do you extinguish these kinds of fires?
Class D: Combustible Metals
Extinguish with dry powder
In terms of ABCD Fires and Suppression
What is a Class K Fire and how do you extinguish these kinds of fires?
Class K: Kitchen Fires
Burning Oil or grease
Extinguish with wet chemicals
In terms of ABCD Fires and Suppression
What are the differences between the US and European coding scheme
A - B - D are the Same
Ordinary - Liquid - Combustable Metals
US uses B for Liquids and flammable gases
Euro use B for Liquids and C for flammable gases
US uses C for Electrical
Euro uses E for Electrical
US uses K for Kitchens
Euro uses F for Kitchens
In terms of ABCD Fires and Suppression
When choosing a Fire suppression agent, what is the one thing you should always do?
Always consult local fire code before implementing a fire suppression system.
In terms of ABCD Fires and Suppression
What is preferred: preventing a fire over extinguishing one.
preventing a fire
In terms of ABCD Fires and Suppression
What are the four methods to suppress a fire?
1: Fire Temperature Reduction
2: Oxygen supply reduction
3: Fuels reduction
4: Chemical Interference
In terms of ABCD Fires and Suppression
What is is usually the recommended fire suppression agent , in the absence of electricity, and is the safest for people.
Water
In terms of ABCD Fires and Suppression
How does water suppress fire?
Suppresses fire by lowering the temperature below the Kindling Point (Ignition Point)
In terms of ABCD Fires and Suppression
Besides lower the fire temp, what else does a Sprinkler Systems do?
Alerts people to evacuate.
In terms of ABCD Fires and Suppression
What is the primary goal of fire safety.
Safe Evacuation
In terms of ABCD Fires and Suppression
What is a Wet Pipe?
water right up to the sprinkler heads.
In terms of Fire Suppression
What is a bulb?
Each head will open independently as the trigger temp is exceeded.
In terms of Fire Suppression
What do the Different bulb colors indicate?
Different colors to indicate ceiling temp trigger
Orange: (135 F / 57 C)
Red: (155 F / 68 C)
Yellow: (175 F / 79 C)
Green: (200 F / 93 C)
Blue: (286 F / 141 C)
In terms of Fire Suppression
What Dry Pipe?
Filled with compressed air.
Water held back by a valve that remains closed as long as sufficient air pressure exists.
Used in areas where water may freeze like parking garages.
In terms of Fire Suppression
What is a deluge?
Deluge: Similar to dry pipes except that the sprinkler heads are larger
In terms of Fire Suppression
What is a Pre-Action?
A combination of wet, dry or deluge systems and require two separate triggers to release water.
Can be single interlock systems or double interlock systems .
In terms of Fire Suppression
What is a Single interlock system?
Single interlock systems release water into the pipes when a fire alarm triggers. The water releases when the heads open.
In terms of Fire Suppression
What is a Double interlock system?
Double interlock systems use compressed air (like dry pipes). The water will not enter the system until both the fire alarm triggers and the sprinkler head opens.
In terms of Fire Suppression
Name two reasons to use a pre-action system?
1: In areas where water may freeze like parking garages.
2: In areas where accidental discharge is costly like museums.
In terms of Fire Suppression
How does a Soda Acid Fire Suppression system work?
Lowers Fire Temp
Used in Class A Fires
Pressurized cylinders filled with Sodium Bicarbonate and water.
A glass vial of acid suspened at the top.
Break the vial and mix the acid with the liquid causes a chemical reaction that would create gas pressurizing the cylinder.
Also creates a foam that float on the surface of some liquid fires and starves the oxygen supply.
In terms of Fire Suppression
How does a Dry Powder Fire Suppression system work?
Lowers Fire Temp
Used in Class D Fires (combustable metals)
Usually made of Sodium Chloride
In terms of Fire Suppression
What are two typical flammable metals?
1: Sodium
2: Magnesium
In terms of Fire Suppression
How does a Wet Chemical fire suppression system work?
Lowers Fire Temp
Used in Class D/F Fires (Kitchen Fires)
Also work on common combustible fires.
Usually Potassium Acetate mixed with water
Covers the grease or oil with a soapy film
In terms of Fire Suppression
How does a Halon or Halon Substitutesl fire suppression system work?
Lowers Fire Temp
Used in Class B/B, B/C and C/E Fires (Liquid, Flmamable Gases and Electrical Equipment)
Many believe they work like CO2 and extinguish the fire through oxygen starvation. This is a secondary affect and minor.
These systems are designed to allow enough oxygen to support human life.
In terms of Fire Suppression
What is the 1989 Montreal Accord (Protocol)?
Montreal Protocol on Substances that deplete the Ozone Layer.
Halon has ozone-depleting properties.
Developed countries agreed to ban production and consumption of new halon by 1 Jan 1994.
Existing systems could be used.
Re-cycled halon can also be used.
In terms of Fire Suppression
Why are Halon systems no longer being used?
No longer recommended due to their age; any existing system is over 15 years old. There are better substitutes.
In terms of Fire Suppression
Name four Halon replacements
1: Argon
2: FE-13: Newest and safest; can be breathed in concentrations as high as 30%. Others only 10-15%.
3: FM-200
4: Inergen
In terms of Fire Suppression
What is the newest and safest Halon Substitute?
FE-13: Newest and safest; can be breathed in concentrations as high as 30%. Others only 10-15%.
In terms of Fire Suppression
How does CO2 work?
Reduces Oxygen supply
Used in Class B/C and C/E Fires (Liquid, Flmamable Gases and Electrical Equipment)
In terms of Fire Suppression
What is a countdown timer?
Count-Down Timers: Visible and Audible timer before gas-based systems are released to allow for personnel evacuation or to stop the release in time due to false alarm.
In terms of Fire Suppression
What is the risk to using CO2?
Risk: Odorless and colorless; humans can suffocate if they are exposed to too much.
Recommended only for areas that have no humans.
Any human entering a CO2 should be trained and probably should use oxygen tanks.
In terms of Fire Suppression
True or False: All Environmental controls and safety procedures must ensure that the safety of all personnel, including those with handicaps.
True
In terms of Fire Suppression
True or False: Always consider “Hire an Expert” as a valid choice.
True
In terms of Fire Suppression
True or False: The safest answer is always the best answer.
True
In terms of Fire Suppression
True or False: The most legal answer is always the best answer.
True
In terms of Fire Suppression
True or False: The most ethical answer is always the best answer.
True
In terms of Fire Suppression
True or False: TThe fairest answer is always the best answer.
True
Low humidity in a data center can cause what problem?
A: Corrosion
B: Airborne Contaminant
C: Heat
D: Static Electricity
D: Static Electricity
2: What should not be used to extinguish a Class C (US) Fire?
A: Soda Acid
B: CO2
C: Inergen
D: FE-13
A: Soda Acid
3: What is the primary drawback in using dogs as a perimeter control?
A: Training
B: Cost
C: Liability
D: Appearance
C: Liability
4: What type of network cable should be used to eliminate the chance of crosstalk?
A: Shielded Twisted pair
B: Unshielded Twisted Pair
C: Coaxial
D: Fiber Optic
D: Fiber Optic
5: Which of the following is an administrative control
A: Locks
B: Asset Tracking
C: Biometrics
D: Fire Alarms
B: Asset Tracking
6: Which halon replacement is considered the safest, breathable in concentration up to 30%
A; Inergen
B: FE-13
C: Fm-200
D: Argon
B: FE-13
7: What is the most important goal of fire suppression systems?
A: Preservation of critical data
B: Safety of personnel
C: Building Integrity
D: Quickly extinguishing a fire
B: Safety of personnel
8: EMI issues such as crosstalk primarily impact which aspect of security?
A: Confidentiality
B: Integrity
C: Availability
D: Authentication
B: Integrity
9: What is the recommended agent for extinguishing a kitchen grease fire?
A: Dry Powder
B: Soda Acid
C: Wet Powder
D: Wet Chemical
D: Wet Chemical
10: What is the most important step to perform while selecting a fire suppression system?
A: Industry research
B: Visit sites with controls you are considering
C: Have an expert consult local fire codes
D: call your insurance company
C: Have an expert consult local fire codes
11: A CRT device is different from a CCD device in what way?
A: A CRT is an analog display; a CCD is a digital camera
B: A CRT is digital display; a CCD is a analog camera
C: A CRT is an analog camera; a CCD is a digital camera
D: A CRT is a digital camera; a CCD is an analog camera
C: A CRT is an analog camera; a CCD is a digital camera
13: What type of sprinkler system would be best for the art gallery?
A: Wet Pipe
B: Dry Pipe
C: Deluge
D: Preaction
D: Preaction
14: You need to discard magnetic hard drives containing PII. Which method for removing PII from magnetic hard drives is considered best?
A: Overwrite every sector on each drive with zeros
B: delete sensitive files
C: Degauss and Destroy
D: reformat the drives
C: Degauss and Destroy
15: How do dry pipe systems work?
A: The sprinkler heads are open; water releases when the deluge valve is opened by a fire alarm.
B: The release water into the pipes when a fire alarm triggers. The water releases once the sprinkler heads open
C: The pipes contain water which is released when the sprinkler heads open.
D: The water is held back by a valve which remains closed as long as sufficient air pressure remains in the pipes. The valve opes once the sprinkler head opens and air pressure drops.
D: The water is held back by a valve which remains closed as long as sufficient air pressure remains in the pipes. The valve opes once the sprinkler head opens and air pressure drops.
