Domain 5: Physical And Environmental Security

Question 0

List some controls that have been implemented for physical security.

Answer 0

Security guards, CCTV, surveillance, intrusion detction, system, requirement for employees to hqv a higher level of security awareness.

Question 1

CCTV =

Answer 1

Closed circuit TV

Question 2

Layered defense model

Answer 2

physical security controls should work together with tiered archicture. `if one fails, the other will protect it.
Thecompany’s most sensitive assets would be placed in the innermost contolled zone of the environment.

Question 3

How does the AIC triad apply to physical security?

Answer 3

1. Availability of company resources
2. Integrity of the assets and environment
3. Confidentiality of the data and business processes.

Question 4

Examples of natural enivornmental threas

Answer 4

Flods, earthquakes, storms and tornadoes, fires, extreme termperature conditions

Question 5

Examples of Supply system threats

Answer 5

power distributions outages, communications interruptions, interruption of other resources such as water, gas, air filtration, etc.

Question 6

Examples of manmade threats

Answer 6

Unauthorized access, both external and internal, explosions, damage by disgruntled employees, employee errors and accidents, vandalism, fraud, themft and others

Question 7

Examples of politically motivated threats

Answer 7

strikes, riots, civil disobedience, terrorist attacks, bombings and so forth

Question 8

What is the priority in physical security

Answer 8

Life safety goals. Protecting human life.

Question 9

Physical security is a combination of:

Answer 9

people, processes, procedures, technology, and equipment, all to protect resources.

Question 10

First thing an organization must do in the planning process is

Answer 10

define the vulnerabilities, threats, threat agents, and targets

Question 11

What is collusion? Is it an internal or external threat?

Answer 11

An internal and external threat, where two or more people work together to carry ut fraudulent activity. Many criminal cases have uncovered insiders working with outsiders to defraud or damage a company.

Question 12

What are some controls for collusion?

Answer 12

procedural protection mechanisms, access contrl, like separation of duties, preemployment background checks, rotations of duties, supervision

Question 13

Physical security goals: drime and disruption prevention through deterrence. Provide examples

Answer 13

fences
security guards
warning signs

Question 14

Physical security program goals - reduction of damage through the use of delaying mechanisms. Provide examples

Answer 14

layers of defense that slow down the adversary
•locks
•security personnel
barriers

Question 15

physical security program goals address: creme or disruption detection. Provide examples

Answer 15

• smoke detectors
• motion detectors
• CCTV

Question 16

Physical security program goals should address: incident assessment

Answer 16

• Response of security guards to detected incidents

* Determination of damage level

Question 17

Physical Security Program goals should address: Response Procedures. Provide examples:

Answer 17

• Fire suppression mechanisms
• Emergency response processes
• Law enforcement notification
• Consultation with outside security professionals

Question 18

What is a performance based approach for physical security.

Answer 18

A method tto determine how beneficial and affective your physical security program is.

Devise measurements and metrics to gauge the effectiveness of your countermeasures.

Management can make informed decisions

Question 19

Name some performance metrics that could be used in performance based approache

Answer 19

• # of successful crimes
• # of successful disruptions
• # of unsuccessful crimes
• time between detection, assessment, and recovery steps
• # false positive detection alerts
• financial loss of successful disruption or crime

Question 20

Physical security design will contorporate controls required for these five categories:

Answer 20

1- deterrence
2 - delaying
3 - detection
4 - assessment
5 - response

Question 21

CPTED

Answer 21

Crime Prevention through Environmental Design

A discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. Provides guidance in loss and crime prevention through proper facility construction and environmental components and procedures.

Question 22

Physical security target hardening focuses on

Answer 22

denying access through physical and artificial barriers likes alarms, locks, fences

Question 23

You want to protect a side door. Describe the target hardening approach and the CPTED approach.

Answer 23

Target hardening: locks, alarms, cameras on the door; access control mechanism like proximity reader; security guards to monitor

CPTED: no sidewalk leading to the door, no tall trees or bushes to offer seclusion.

Question 24

What are the 3 main strategies that CPTED brings together the physical environment with social behavior to increase overall protection?

Answer 24

1 - Natural Access Control
2 - Natural Surveillance
3 - Natural Territorial Reinforcement

Question 25

What is natural access control?

Answer 25

Guidance of people entering and leaving a space by the placement of doors, fences, lighting, landscaping.

Question 26

Principles of natural surveillance

Answer 26

Natural surveillance strategies include straight lines of sight, low landscaping, raised entrances.

Goal: make criminals feel uncomfortable by providing many ways observers could potentially see them and to make other people feel safe and comfortable by providing an open and well-designed enviornment.

Question 27

Natural Territorial Reinforcement

Answer 27

Creates physical designs that emphaiszeor extend the company’s physical sphere of influence so that leginitimate users feel a sense ovf ownership of that space.

Question 28

Every organization should have a facility safety officer. What is their main job?

Answer 28

• Understand all the components that make up the facility and what the company needs to do to protect its assets and stay within compliance.
• Oversee facility management duties day in and day out
• Be heavily involved with the team that has been organized to evaluate the organizations physical security program

Question 29

What is a physical security program?

Answer 29

• A collection of controls that are implemented and maintained to provide the protection levels necessary to be in compliance with the physical security policy.
• Should embody all regulations and laws
• Should sett the risk level the company is willing ot accept.

Question 30

What are some issues with selecting a facility site? (4)

Answer 30

1. Visibility (surrounding terrain, building markings and signs, types of neighbors, population of the area)
2. Surrounding area and external entities (crime rate, riots, terrorism attacks. Proximity to police, medical, and fire stations. Possible hazards from surrounding area)
3. Accessibility (road acces. Traffic. Proximity to airports, train stations, highways).
4. Natural disaster (likelihood of floods, tornadoes, earthquakes, or hurricanes. Hazardous terrain like mudlides, falling rock, excessive snow/rain).

Question 31

When designing and buliding a facility, what needs to be addressed from a physical security point of view with the walls?

Answer 31

• combustibility of material (wood, steel, concrete)
• fire rating
• reinforcements for secured areas

Question 32

When desigining and builidng a fcility, what needs to be addressed from a physical security point of view with the doors?

Answer 32

• combustibility of material (wood, pressed board, aluminum)
• fire rating
• resistance to forcibile entry
• emergency marking
• placement
• locked or controlled entrance
• alarms
• secure hinges
• directional openings
• electic door locks that revert to an unlocked state for safe evacuation in power outages
• type of glass - shatterproof or bulletproof glass requirements

Question 33

When desigining and building a facility, what needs to be addressed from a physical security point of view for the ceilings?

Answer 33

• combustibility of material (wood, steel, concrete)
• fire rating
• weight-bearing rating
• drop ceiling considerations

Question 34

When designing and bulidng a facility, what needs to be addressed from a physical sec POV for the windows?

Answer 34

• translucent or opaque requirements
• shatterproof
• alarms
• placement
• accessibility to intruders

Question 35

When desiging/building a facility, waht needs to be considered about the flooring?

Answer 35

-weight-bearing rating
- combustibiity of material (wood, steel, concrete)
- fire rating
raised flooring
nonconducting surface and material

Question 36

When designing and building a facility, what needs to e addressed with the HVAC?

Answer 36

Heating, ventilation, and air conditioning:

• positive aire pressure
• protected intake vents
• emergency shutoff valves and switches
• placement

Question 37

When desiging/building a facility, wha tneeds to be addressed for the elctric power supplies:

Answer 37

• backup and alternate power supplies
• clean and steady power source
• dedicated feeders to required areas
• placement and access to distribution panels and circuit breakers

Question 38

When desigining/building a faciility, what needss to be considered with the water and gas lines?

Answer 38

• shutoff valves (labeled and brightly painted for visibility)
• positive flow (material flows out of builidng, not in)
• placement (properly located and labeled)

Question 39

When desigining/building a faiclity, what needs to be considered with fire detection and suppression?

Answer 39

• placement of sensors and detectors
• placement of suppressin system
• types of detectors and suppression agents

Question 40

Light frame construciton material provides the ____ amount of protection against fire adn forcible entry attempts.

Answer 40

least

Question 41

Which type of construction material is commonly used for office buildings?

Answer 41

heavy timber

Question 42

There are requirements on ____ and ____ of the heavy timber construciton material to provide more protection from fire.

Answer 42

Thickness & Composition

Question 43

Requiremnts for heavy timber construction material include;

Answer 43

• be at least 4” in thickness
• denser woods, fastened with metal bolts and plates
• fire rate of one hour

Question 44

Example of incombustible material and what does it provide? What’s a negative side of this?

Answer 44

• Steel.
• Provides a higher level of fire protection.
• Loses strength under extreme temperatures which could cause the building to collapse.

Question 45

Fire-resistant material: what is it, how it made, what does it do?

Answer 45

• Construction material is fire-retardant.
• Could have steel rods encased inside of concrete walls and support beams
• Provides most protectioin against fire and forced entry attempts.

Question 46

Examples of entry points

Answer 46

Doors, windows, roof access, fire escapes, chimneys, service delivery access points.

Question 47

Why are mantraps used and how to they work?

Answer 47

Used so unauthorized individuals entering a facility cannot get in or out if it is activated.

It is a small roomw ith two doors; first is locked. Person is identified and authenticated by a security guard/biometric system/smart card reader/swipe card reader. Once aaccess is authorized first door opens and person enters mantrap and is locked in. Person must be authenticated againbefore the 2nd door ulocks and allows him into the facility.

Also possibility to weigh a person to control piggybacking.

Question 48

Describe doorways with automatic locks with teh fail-safe setting.

Answer 48

if a power disruption occurs that affects the automatic locking system, the doors default to being unlocked. Deals with portecting people.

Question 49

Describe doorways with a fail-secure configuration.

Answer 49

Default to being locked if there are any problems with the power.\
Best for doors that people do not need to use for escape.

Question 50

Entry Point: Windows

This type of window is commonly used in residential homes and easily broken.

Answer 50

Standard Glass

Question 51

Entry points: windows.

This type of glass is made by heating the glass and then suddenly cooling it which increases the mechanical strenght meaning it can handle more stress and is harder to break. It’s also five to sevent imes stronger than standard glass.

Answer 51

Tempered glass.

Question 52

Acrylic glass can be made out of ______ which is ____ than standard glass but produces ______ if burned. These might be prohibilted by fire codes. The strongest window material is ___________, resistent to a wide rangte of threats, but much more expensive.

Answer 52

Polycarbonate acrylic.
stronger
Toxic fumes
glass-glad polycarbonate

Question 53

Glass with embedded wires helps…

Answer 53

reduce the likelhood of the window being broken or shattering

Question 54

This kind of glass has two sheets of glass with a plastic film in between. It makes it more difficult to break, and can come in different depths (the greater the depth, harder to break).

Answer 54

Laminated glass.

Question 55

• vertically to save space
• mounted on racks or placed inside equipment cabinets
• wiring close to equipment to save on cable costs and reduce tripping hazards

Answer 55

How should you store smaller systems?

Question 56

UPS

Answer 56

Uninterrupted Power Supply

Question 57

What are the main threats that physical security components combat?

Answer 57

Theft, interruptions to services, physical damage, compromised system and environment integrity, and unauthorized access.

Question 58

Protection mechanisms against stolen laptops:

Answer 58

nventory, with serial #
○ Hardent the OS
○ Password-protect the BIOS
○ Register with the vendor and file report when stolen. If sent in for repairs, it will be flagged.
○ Do not check a laptop as luggage
○ Never leave unattended. Carry in a nondescript carrying case.
○ Engrave with a symbol or # fo rID.
○ Use a slot lock with a cable to connect to a stationary object
○ Backup data
○ Use specialized safes for laptops
Encrypt sensitive data.

Question 59

Name some of the goals of smart grids (5)

Answer 59

1 - self-healing
2 - resistent to physical and cyber-attacks
3 - bidirectional communicaiton capabilities
4 - increased efficiency
5 - better integration of renewable energy sources

Question 60

Name some of the computerized components of the Smart Grid

Answer 60

Smart meters, smarth thermostats, amutomated control software, automated feedback loops, digital scheduling and load shifting

Question 61

What are the three ways protecting power can be done?

Answer 61

1 - UPSs
2 - Power Line Conditioners
3 - backup sources

Question 62

How does a UPS work? Online and standby.

Answer 62

uses battery packs (range in size and capacity).

Online: Use AC line voltage to charge a bank of batteries. While in use, the UPS has an inverter that changes the DC output from the batteries when required AC form and that regulates the voltage as it powers computer devices.

Question 63

Because Online UPS systems have the _______ passing through them,t they can easily detect ____.

Answer 63

normal primary power

when a power failure takes place

Question 64

Standby UPS devices stay ______ until a power line fails. The system has ______ that detect a power failure and the load is switched to the battery pack

Answer 64

Inactive

sensors

Question 65

+/- to online v. standby UPS

Answer 65

Online picks up the power failure more quickly

standby costs less.

Question 66

Whena re backup power supplies necessary?

Answer 66

when an outage will last longer than a UPS can last.

Question 67

Backup supplies can be a _______ from another electrical substation fo rfrom a motor generator, and can be used to _______ or to _______.

Answer 67

redundant line
supply main power
charge batters of a UPS system

Question 68

When clean power is being provided, power supply contains no_____ or _____

Answer 68

interference (line noise)

• electromagentic interference (EMI)
• radio frequency interference (RFI) - can cause disrubance in the flow of electic power when it travels across a power line.

Question 69

What causes RFI (radio frequency interference)

Answer 69

anything that creates radio waves.

flourescent lighting (mitigate by shielded cabling)

Question 70

Why is interference damaging to people and devices?

Answer 70

interrupts the flow of an electrical current and can deliver a different level of voltage than what was expected.

Question 71

Electric power voltage fluctaitons: Power Execess (2)

Answer 71

1. Spike: momentary high voltage

2. Surge: prolonged high voltage. One of th emsot common power publesm, controlled with surge protectors.

Question 72

Electric power voltage fluctuations: Power loss (2)

Answer 72

1 - Fault: Momentary power outage

2 - Blackout: Prolonged, complete loss of electric power

Question 73

Electric power voltage fluctuations: Power degredation (3)

Answer 73

1 - Sag/dip: momentary low-voltage condition, from one cycle tpo a few seconds
2 - brownout: prolonged power supply that is below normal voltage
3 - In-rush current: initial surge of current required to a load

Question 74

Ground

Answer 74

Pathway to the eart that enable excessive voltage to disspate

Question 75

Noise

Answer 75

Electromagnetic or frequency interference that disrupts the power flo and can cause fluctations

Question 76

Transient Noise

Answer 76

Short duration of power line disruption

Question 77

Clean Power

Answer 77

Electrical current that does not flucturate

Question 78

EMI

Answer 78

Electromagnetic interference

Question 79

RFI

Answer 79

Radio frequency interference

Question 80

What can cause a surge and how are the protected?

Answer 80

Caused by: strong lightning strike, power plant going onlien or offline, shift in commercial utility power grid, electrical equipment within a business starting and stopping.

Protected by surge protecture which moves the excess voltage to-ground (absorbs extra current before passed onto electrical devices).

Question 81

A blackout is when _____. This can be caused by ____. A _____ is required for business continuity.

Answer 81

voltage drops to zero
lighning, a car taking out a power line, storms, or failure to pay the bill
backup power source

Question 82

A brownout is when the voltage in a electrical grid is _____ because of _____. ______ can be used to regulate this fluctuation of power. They can use ______ of voltage and only release the expected _____ volts of alternating current to devices.

Answer 82

reduced
high demand
constant voltage transformers
120

Question 83

What can be used to ensure a clean and smooth distribution of power? (2)

How do they work?
What’s the goal?

Answer 83

1 - voltage regulators
2 - line conditioners

The primary power runs through a regulator or conditioner, they have the cability to absorb the extra current if there is a spike and to store energey to add current to the line if there is a sag.

Goal: keep the current flowing at a nice, steady level.

Question 84

Surges, sags, brownouts, blackouts, and voltage spikes frequently cause ____ _____, so data centers are built to provide a high level of protection.

Answer 84

data corruption

Question 85

What are some preventitive measures and good practices when protecting devices when dealing with electric power issues? (10)

Answer 85

1 - surge protectors to protect from excessive current
2 - shut down devices in an orderly fashion - help avoid data loss or damage
3 - power line monitors (detect frequency and voltage amplitude changes)
4 - use regulaators (keep voltage steady and power clean)
5 - protect distriubtion panels, master circuit breakers, transformer cables with access controls
6 - protection from magnetic induction t hrough shielded ines
7 - shielded cabling: long cable runs)
8 - do not run data or power lines directly over flourescent lights
9 - 3-pronged connections or adapters if using 2-pronged connections
10 - don’t plug outlets and extensions into eachother.

Question 86

During facility construction, physical security team must make certain that water, steam, and gas lines have proper ____ and ______, which means ______.

Answer 86

shutoff valves
positive drains
their contents flow out instead of in

Question 87

Physical security is usually the first line of defense against ______ risks and _______.

Answer 87

environmental

unpredictable human behavior