Physical and Environmental Security Controls

Question 1

Physical Controls

Answer 1

• Physical controls are the first line of defence in securing an infrastructure.
• No matter how strong technical controls are, if an adversary gains physical access to a server or premises, the security is compromised.
• Physical security is often overlooked or underestimated, with the misconception that technology can solve all security problems.
• An open door to premises is equivalent to not having a password to secure a computer.
• Attackers will always target the easiest option, so physical access to premises can lead to unauthorized network access.
• Physical controls are essential to prevent unauthorized entry, protect hardware and equipment, and safeguard against theft or tampering.
• Examples of physical controls include access control systems, surveillance cameras, locks, alarms, and secure data centre facilities.
• Organizations must prioritize physical security measures to ensure the overall security of their cloud infrastructure and data.

Question 2

Which of the following statements best describes the importance of physical controls in cloud computing?

A) Physical controls are not necessary in cloud computing since all security measures are handled through technical controls.

B) Physical controls are the first line of defence in securing an infrastructure and help prevent unauthorized access to premises and equipment.

C) Physical controls are optional and can be overlooked if strong technical controls are in place.

D) Physical controls are only relevant for on-premises infrastructure and not applicable to cloud environments.

Answer 2

B) Physical controls are the first line of defence in securing an infrastructure and help prevent unauthorized access to premises and equipment.

This statement highlights the importance of physical controls in ensuring the security of cloud infrastructure by protecting against physical threats.

Question 3

Which of the following is an example of a physical control in cloud computing?

A) Firewall configuration and management

B) Intrusion detection system (IDS)

C) Encryption of data at rest

D) Biometric access control system for a data centre entrance

Answer 3

D) Biometric access control system for a data centre entrance

This option represents a physical control as it involves the use of biometric authentication (such as fingerprint or iris scan) to regulate access to the physical location where the cloud infrastructure is housed.

Question 4

Objectives of Physical Security

Answer 4

1. The main objectives of physical security controls are to protect assets from damage, loss, and theft.
2. People safety is always paramount, as people should be considered the most valuable asset.
3. Damage and loss can both apply to people assets, emphasizing the importance of prioritizing people’s safety.
4. Physical security aims to provide protection against various threats, including unauthorized intruders, fire, flood, and loss of essential utilities (e.g., power).
5. Physical security controls also aim to prevent damage to or loss of assets through theft.
6. In summary, the objectives of physical security are asset protection, people safety, and safeguarding against unauthorized access, fire, flood, utility loss, and asset theft.

Question 5

Which of the following is NOT one of the main objectives of physical security controls?

A) Protecting assets from damage
B) Ensuring people safety
C) Preventing unauthorized access
D) Enhancing network security

Answer 5

D) Enhancing network security

The objectives of physical security controls primarily focus on protecting assets from damage, ensuring people safety, and preventing unauthorized access. Enhancing network security falls under the realm of information security, which is a separate discipline from physical security. Physical security measures are primarily concerned with protecting physical assets and the safety of individuals within a physical environment, while network security deals with securing digital networks, systems, and data.

Question 6

Which of the following is considered one of the primary threats that physical security controls aim to protect against?

A) Data breaches
B) Social engineering attacks
C) Fire and flood
D) Malware infections

Answer 6

C) Fire and flood

Physical security controls aim to protect against various threats, including unauthorized intruders, fire, flood, loss of essential utilities, and asset theft. Fire and flood pose significant risks to physical assets, infrastructure, and the safety of individuals within a premises. Physical security measures such as fire detection systems, sprinkler systems, fireproof storage, and flood barriers are implemented to mitigate the potential damage and loss caused by these natural disasters. While data breaches, social engineering attacks, and malware infections are important concerns, they primarily fall within the scope of information security rather than physical security.

Question 7

Facility Security

Answer 7

1. The security measures required for securing premises depend on the type of facility.
2. Stand-alone buildings in their own grounds require different security measures compared to offices in multi-storey buildings.
3. The starting point for physical security in a stand-alone building is the grounds perimeter, which can be protected by a fence or wall.
4. The type of fence or wall used determines whether it functions as a deterrent or a preventative control.
5. A higher fence, such as a 2-meter wire mesh fence topped with razor wire and electrified, provides a more serious deterrent and is considered a preventative control.
6. However, determined intruders may still find ways to overcome the perimeter barrier.
7. Additional controls for perimeter defence can include lighting, CCTV surveillance, and even guard dogs.
8. The presence of multiple controls may indicate that the property contains valuable assets, potentially making it a more attractive target.
9. High-value targets may have multiple fence or wall boundaries to increase the difficulty for intruders, similar to the layered Défense of castles.
10. Access portals or entry points within the perimeter need to be protected as well.
11. Multiple layers of security are designed to restrict access to information assets, with the server room being the equivalent of the castle’s keep.

In summary, facility security involves securing the perimeter, implementing deterrent and preventative controls, considering multiple layers of Défense, and protecting access portals within the premises.

Question 8

Which of the following is a key objective of facility security?

A) Enhancing network performance
B) Minimizing operational costs
C) Protecting premises and assets
D) Ensuring regulatory compliance

Answer 8

C) Protecting premises and assets

Facility security primarily focuses on safeguarding the premises and assets within a facility. This includes implementing physical security measures to prevent unauthorized access, damage, loss, and theft. Enhancing network performance (choice A) falls under the scope of network management and optimization, not specifically facility security. Minimizing operational costs (choice B) is an objective that relates to business efficiency and cost management, but it is not directly tied to facility security. Ensuring regulatory compliance (choice D) is an important consideration, but it is a broader objective that encompasses various aspects of business operations, including facility security. Protecting premises and assets is the primary objective of facility security.

Question 9

Which of the following is a potential negative aspect of implementing multiple security controls within a facility?

A) Increased deterrence for potential intruders
B) Indication of valuable assets within the facility
C) Enhanced safety measures for employees
D) Improved regulatory compliance standards

Answer 9

B) Indication of valuable assets within the facility

Implementing multiple security controls within a facility can inadvertently indicate the presence of valuable assets. While having multiple security controls may enhance security and deter potential intruders (choice A), the downside is that it may also draw attention to the fact that there are valuable assets within the facility. This can make the facility a more attractive target for intruders. Enhanced safety measures for employees (choice C) are generally seen as a positive outcome of implementing security controls. Improved regulatory compliance standards (choice D) can also be a positive result, but it is not directly related to the potential negative aspect of indicating valuable assets.

Question 10

Manned Perimeter

Answer 10

1. Manned perimeter security involves deploying security guards at the perimeter and gateways of a facility.
2. Security guards can make judgements, patrol the perimeter, control personnel, monitor CCTV, and act as a deterrent.
3. Guard dogs can detect human presence, act as a deterrent, and detect things that humans may miss.
4. Additional security controls for external areas can include physical intrusion detection systems.
5. Lighting is commonly used as a deterrent control to discourage potential intruders.
6. Proper installation and effectiveness of lighting are essential to prevent dark or shadow areas from being exploited.
7. External lighting can be utilized in different ways, such as flood lighting to cover all areas, trip lighting activated by sensors, projection lighting to blind intruders at the top of fences or walls, and moveable lighting to track moving objects.

In summary, a manned perimeter with security guards and guard dogs provides various benefits, including judgements, patrols, personnel control, monitoring, and detection capabilities. Lighting serves as a deterrent and can be implemented through flood lighting, trip lighting, projection lighting, and moveable lighting. The effective deployment of these measures helps enhance facility security.

Question 11

Which of the following is a benefit of having manned security guards at the perimeter of a facility?

A) Efficient utilization of lighting resources
B) Improved network performance monitoring
C) Enhanced control over personnel
D) Increased reliance on physical intrusion detection systems

Answer 11

C) Enhanced control over personnel

Manned security guards at the perimeter provide enhanced control over personnel by monitoring and managing access, ensuring only authorized individuals enter the facility. This improves security and accountability. The other options are not direct benefits of having manned security guards.

Question 12

Securing the Premises

Answer 12

1. Minimize the number of physical entrances to improve control over access
2. External doors should be robust, solid, and have concealed or tamper-proof hinges
3. Doors with glass should be laminated or wired to prevent easy breakage.
4. Avoid placing windows next to doors to prevent intruders from breaking the window to access the door handle.
5. Different types of locks include ward locks, tumbler locks, digi-locks, smart locks, and combination locks.
6. Protect door keys or fobs to prevent unauthorized access.
7. Physical access control systems use locks and technology to control and monitor access to the facility.
8. CCTV provides oversight of entry, and smart locks with swipe cards record entry and exit digitally.
9. Security guards can provide manual oversight of physical entry and assist in case of access problems.
10. Inside the facility, CCTV and motion detectors can monitor movement and alert security or law enforcement in case of intruders.
11. Authorized staff should wear ID badges displaying at least a photograph and name, which can also function as an authentication mechanism.

In summary, securing the premises involves minimizing entrances, using robust doors and locks, implementing physical access control systems, monitoring access with technology like CCTV and motion detectors, and ensuring authorized personnel wear ID badges for identification and movement control within the facility.

Question 13

Which of the following is a recommended practice for securing external doors of a facility?

A) Installing windows next to the doors for increased visibility

B) Using solid doors made of non-robust materials

C) Concealing hinges or using tamper-proof hinges

D) Using only traditional key locks without additional security measures

Answer 13

C) Concealing hinges or using tamper-proof hinges

Concealing hinges or using tamper-proof hinges is a recommended practice for securing external doors of a facility. By doing so, it prevents intruders from attempting to remove the hinge pins and gain unauthorized access. Installing windows next to the doors (choice A) may provide visibility but can also pose a security risk. Using non-robust doors made of non-robust materials (choice B) would not offer sufficient protection. Using only traditional key locks without additional security measures (choice D) may not provide adequate security against potential threats.

Question 14

What is the purpose of a physical access control system in facility security?

A) Monitoring employee productivity within the premises

B) Restricting access to the facility based on time of day

C) Detecting physical threats such as fire or flood

D) Controlling and recording individuals’ passage through openings

Answer 14

D) Controlling and recording individuals’ passage through openings

The purpose of a physical access control system in facility security is to control and record individuals’ passage through openings. It enables organizations to manage and monitor access to the facility by using various methods such as locks, key cards, biometrics, or smart locks. The system helps enforce security policies, track and log entry and exit, and restrict access based on authorized privileges. Monitoring employee productivity (choice A), restricting access based on time of day (choice B), and detecting physical threats (choice C) are not the primary functions of a physical access control system.

Question 15

Equipment Protection

Answer 15

1. Objectives of physical security include preventing loss or theft of physical assets, including PCs, laptops, and technical equipment.
2. Theft can occur from both external threat actors and internal staff, with greater threats to more portable items.
3. Maintain an up-to-date comprehensive asset register to record physical assets, their owners, and locations.
4. All equipment should have tamper-proof asset tags affixed.
5. Secure servers in locked racks within a locked server room.
6. Secure laptops with cables and locks, and networking equipment in cabinets or wiring closets accessible only to authorized personnel.
7. Establish a physical security policy that governs the movement of equipment on and off-site.
8. Control what equipment can be taken off-site, considering staff working from home, and ensure the asset register reflects the location of assets.

In summary, protecting equipment involves maintaining an asset register, securing equipment with tamper-proof tags and physical restraints, controlling access to server rooms and networking equipment, and establishing a physical security policy for equipment movement.

Question 16

Which of the following is a recommended measure for protecting laptops and portable devices from theft?

A) Keeping laptops unlocked and unattended in common areas

B) Using tamper-proof asset tags on laptops

C) Storing laptops in easily accessible and visible locations

D) Allowing unauthorized personnel to access networking equipment

Answer 16

B) Using tamper-proof asset tags on laptops

Using tamper-proof asset tags on laptops is a recommended measure for protecting them from theft. Asset tags help identify and track laptops, making it difficult for thieves to sell or use stolen devices without being detected. Keeping laptops unlocked and unattended in common areas (choice A) increases the risk of theft. Storing laptops in easily accessible and visible locations (choice C) also makes them more vulnerable to theft. Allowing unauthorized personnel to access networking equipment (choice D) poses security risks and can lead to unauthorized access or tampering.

Question 17

Why is maintaining an up-to-date asset register important for equipment protection?

A) To track employee productivity

B) To comply with regulatory requirements

C) To identify potential vulnerabilities in the facility

D) To record the location and ownership of physical assets

Answer 17

D) To record the location and ownership of physical assets

Maintaining an up-to-date asset register is important for equipment protection to record the location and ownership of physical assets. The asset register helps track the whereabouts of equipment, which is crucial for asset management and security. It allows organizations to have a clear inventory of their assets, identify any missing or misplaced items, and ensure accountability. Tracking employee productivity (choice A), complying with regulatory requirements (choice B), and identifying potential vulnerabilities in the facility (choice C) may be important but are not the primary reasons for maintaining an up-to-date asset register in the context of equipment protection

Question 18

Environment Security - Electricity Supply

Answer 18

• Power supply needs to be maintained at the correct voltage and stable for proper functioning of equipment.
• Uninterruptible power supplies (UPS) and generators can ensure continuity of mains power.
• UPS serves three purposes: maintaining server operation during power outages, acting as an interim power source while starting the generator, and removing noise from the mains supply.
• Generators should have sufficient capacity for the expected load and require fuel replenishment.
• Technical controls play a significant role in physical security, alongside physical controls like fences and locks.
• Physical access control systems limit physical access to premises.
• Physical intrusion detection systems, or burglar alarms, are used for detecting unauthorized entry.
• Controlling the environment helps mitigate electronic signal emanations.

Question 19

Which of the following is one of the purposes of using an uninterruptible power supply (UPS) in relation to physical security?

A) To generate additional power for high-demand equipment

B) To provide a backup power source during power outages

C) To regulate the voltage of the mains power supply

D) To detect and prevent unauthorized access to the power supply

Answer 19

B) To provide a backup power source during power outages

One of the purposes of using an uninterruptible power supply (UPS) in relation to physical security is to provide a backup power source during power outages. UPS systems are designed to supply power to critical equipment and systems, such as servers, in the event of a mains power failure. This ensures that essential operations can continue uninterrupted and allows for an orderly shutdown if needed.

Question 20

Why is it important for a generator to have sufficient capacity for the expected load?

A) To minimize fuel consumption
B) To maintain a stable power supply
C) To reduce the size of the generator
D) To ensure compatibility with the UPS system

Answer 20

B) To maintain a stable power supply

It is important for a generator to have sufficient capacity for the expected load in order to maintain a stable power supply. Generators need to provide enough power to meet the demands of the equipment and systems they are powering. Insufficient capacity can result in voltage fluctuations, power surges, or even complete power failures, which can disrupt operations and potentially damage equipment. Having the right capacity ensures a reliable and stable power supply during normal operation and when transitioning from the UPS to generator power.

Question 21

Environment Security - Access control systems

Answer 21

• Access control systems are used to ensure that only authorized personnel can enter a facility.
• Smart cards or tokens can be used for access control, either as proximity devices or for swiping through readers.
• The use of smart cards can be recorded by a central system, providing a record of entry and exit.
• Mantraps are a common implementation for controlling physical access, consisting of two doors where the first door must be accessed, passed through, and closed before the second door can open.
• Mantraps may require authentication with cards and/or PINs, and may also have weight sensors to detect unauthorized individuals.
• Mantraps help eliminate risks such as tailgating and piggybacking, where unauthorized individuals attempt to pass through an opening following authorized individuals.
• Tailgating occurs when an unauthorized individual passes through with the knowledge of the authorized person in front.
• Piggybacking occurs when an unauthorized individual passes through with the knowledge of the person in front, often by requesting them to hold the door open.

Question 22

Which of the following is a common implementation for controlling physical access and helps eliminate risks such as tailgating and piggybacking?

a) Smart cards
b) Mantrap
c) Biometric authentication
d) CCTV surveillance

Answer 22

b) Mantrap

A mantrap is a common implementation for controlling physical access and helps eliminate risks such as tailgating and piggybacking.

Question 23

What is the purpose of using smart cards or tokens in an access control system?

a) To provide proximity access to a facility
b) To record entry and exit of individuals
c) To authenticate both physical and logical access
d) All of the above

Answer 23

d) All of the above

Smart cards or tokens are used in an access control system to provide proximity access, record entry and exit, and authenticate both physical and logical access

Question 24

Environment Security - Intrusion Detection Systems

Answer 24

Key Notes on Intrusion Detection Systems:

1. Purpose: Intrusion detection systems are designed to detect the presence of unauthorized individuals within a facility.
2. Entry Point Controls: Balanced magnetic switches can be installed on doors and windows to provide indications when they are opened, helping detect potential intrusions.
3. Detection Mechanisms: Passive infrared sensors (PIRs) can sense body heat and motion detectors can function like radar to detect the presence of humans within the facility.
4. Alarm Systems: Alarms can be local or centralized in a control room, or both, providing a clear indication that a response is required.
5. Silent Alarms: At the point of intrusion, alarms may be silent to maintain covert detection, increasing the chances of apprehending the intruder.

Question 25

Which of the following detection mechanisms in intrusion detection systems senses body heat or motion to detect the presence of humans within a facility?

a) Magnetic switches
b) Passive infrared sensors (PIRs)
c) Radar detectors
d) Centralized alarms

Answer 25

b) Passive infrared sensors (PIRs)

Passive infrared sensors are commonly used in intrusion detection systems to detect the presence of humans by sensing their body heat or motion. They are effective in detecting unauthorized individuals within a facility.

Question 26

What is the advantage of using silent alarms in intrusion detection systems?

a) They provide immediate audible alerts to scare off intruders.

b) They allow unauthorized individuals to go undetected.

c) They increase the chances of apprehending intruders.

d) They eliminate the need for centralized control rooms.

Answer 26

c) They increase the chances of apprehending intruders.

Silent alarms in intrusion detection systems do not make any audible alerts when triggered. This increases the chances of apprehending intruders as they are unaware that their presence has been detected. It allows for a covert response, providing a better chance of catching the intruder in the act.

Question 27

Emanations and sniffing

Answer 27

Emanations refer to the potential leakage of information via electromagnetic radiation.

Sniffing involves intercepting information from data cables or computer systems through electromagnetic radiation.

Computer displays also emit electromagnetic radiation that can be read from a distance.

Shielding is the primary solution to mitigate electromagnetic radiation. Shielded Twisted Pair (STP) cables, sheathed in metal and earthed, can prevent radiation leakage.

Faraday cage is an effective solution to shield the entire environment by creating a metal cage that blocks electromagnetic radiation.

TEMPEST is a term used to describe the technology of shielding electromagnetic radiation. It involves building a Faraday cage.

Encryption of data in transit over a wire is essential to mitigate interception and ensure that intercepted data is not valuable.

Fibre-optic cables are less susceptible to tapping and electromagnetic radiation because they use light as the transmission medium.

Wireless signals also radiate beyond boundaries, so encryption is crucial for securing information in transit.

Question 28

What is the primary solution to mitigate the leakage of information through electromagnetic radiation?

a) Encryption
b) Faraday cage
c) Fibre-optic cables
d) Shielding

Answer 28

d) Shielding

Shielding is the primary solution to mitigate the leakage of information through electromagnetic radiation. It involves blocking the passage of radiation by using electromagnetic shields or Faraday cages.

Question 29

Which type of networking cable is sheathed in metal and earthed to prevent radiation leakage?

a) Shielded Twisted Pair (STP)
b) Coaxial cable
c) Fibre-optic cable
d) Unshielded Twisted Pair (UTP)

Answer 29

a) Shielded Twisted Pair (STP)

Shielded Twisted Pair cables are sheathed in metal and earthed, which prevents the leakage of electromagnetic radiation and offers a practical solution in high-security areas.

Question 30

What is the purpose of a Faraday cage?

a) To intercept wireless signals
b) To create an electromagnetic shield
c) To tap into data cables
d) To decode encrypted information

Answer 30

b) To create an electromagnetic shield

The purpose of a Faraday cage is to create a shield against electromagnetic radiation. It effectively blocks the radiation from within the cage from leaking outside, ensuring the protection of sensitive information.

Question 31

Security at the Workplace

Answer 31

1. Clear desk policy:
   
   • Desk items should be secured in drawers or lockers to prevent unauthorized access or loss of sensitive information.
   • Implement a policy to keep the desk clear when unattended, especially in highly sensitive areas.
   • Maintain spatial awareness to be aware of surroundings and potential unauthorized individuals.
2. Clear screen policy:
   
   • Avoid leaving information visible on screens that could be viewed by others.
   • Use screen filters to restrict the viewability of the screen to only those directly in front of it.
   • Lock the screen when not attended, and apply basic security measures for remote working.
3. Screensavers and lockouts:
   
   • Activate screensavers after a period of inactivity to protect sensitive information.
   • Require authentication to remove the screensaver, similar to returning to a locked workstation.
   • Consider using facial recognition technology for reauthentication.
4. Surveillance measures:
   
   • Implement CCTV systems in the workplace to monitor and detect unrecognized or suspicious individuals.
   • Security guards can provide additional levels of security through monitoring CCTV or physical patrols.
   • Use indicators, such as a bright background, to notify cameras or individuals when sensitive information is being accessed.
5. Security awareness training:
   
   • Conduct periodic security awareness training to reinforce the importance of workspace security.
   • Remind staff members of their responsibilities regarding protecting sensitive information.

Question 32

What is the purpose of a clear desk policy?

a) To prevent unauthorized access to sensitive information
b) To enhance spatial awareness in the workplace
c) To maintain a tidy and organized workspace
d) All of the above

Answer 32

d) All of the above

Question 33

What is a suitable mitigation measure for shoulder surfing?

a) Using screen filters to restrict the viewability of the screen

b) Locking the screen when not attended

c) Implementing facial recognition technology for reauthentication

d) All of the above

Answer 33

a) Using screen filters to restrict the viewability of the screen

A suitable mitigation measure for shoulder surfing is to use screen filters that limit the viewing angles of the screen. These filters allow only the person directly in front of the screen to see the displayed information, preventing unauthorized individuals from reading sensitive content.

Question 34

How can surveillance measures enhance workspace security?

a) CCTV systems can monitor and detect unauthorized individuals

b) Security guards can provide additional physical oversight

c) Bright backgrounds can indicate when sensitive information is being accessed

d) All of the above

Answer 34

d) All of the above

Surveillance measures can enhance workspace security in multiple ways. CCTV systems provide a comprehensive view of the workplace, allowing for the detection of unauthorized individuals or suspicious behaviour. Security guards, whether monitoring the CCTV or conducting physical patrols, contribute to additional levels of security. The use of bright backgrounds on computer screens can serve as a visual indicator to cameras or individuals that sensitive information is being accessed, increasing awareness and potential deterrence.

Question 35

What should happen after a period of inactivity on a workstation?

a) Screensavers should activate automatically

b) Authentication should be required to remove the screensaver

c) Facial recognition technology can be used for reauthentication

d) All of the above

Answer 35

d) All of the above

After a period of inactivity, it is recommended to activate screensavers automatically. Screensavers can help protect sensitive information by obscuring the content on the screen when the workstation is unattended. To remove the screensaver, authentication should be required, which can be achieved through various methods such as entering a password or utilizing facial recognition technology.

Question 36

Disposal

Answer 36

1. Disposal is a critical part of the lifecycle of hardware, software, and information.
2. Improper disposal can lead to data breaches, so it’s essential to follow proper disposal practices.
3. Various types of media need to be disposed of securely, including paper records, magnetic media (disks and tapes), optical media (CDs, DVDs), and old hardware with non-volatile memory.
4. Cloud data removal should be considered, either through obtaining a destruction certificate from the cloud provider or employing crypto erase by encrypting the data and destroying the encryption key.
5. There are different techniques for data destruction:
   
   • Paper records can be shredded and burnt.
   • Hard disks can be physically shredded.
   • Data can be wiped to make it unrecoverable, not just deleted.
   • Drives can be formatted with multiple patterns to overwrite previous data.
   • Degaussing uses a large electromagnet to destroy magnetic data on hard disks and tapes.
6. Physical destruction of devices, such as using a large mincer to break hard disks into fragments, is a current trend in data destruction.

Question 37

Which of the following is an important consideration when disposing of old hardware with non-volatile memory?

a) Formatting the hard drive
b) Shredding and burning the hardware
c) Degaussing the device
d) Encrypting the data

Answer 37

d) Encrypting the data

When disposing of old hardware with non-volatile memory, it is important to ensure that the data is securely encrypted. This helps to prevent unauthorized access to the data even if the hardware falls into the wrong hands.

Non-volatile memory or non-volatile storage is a type of computer memory that can retain stored information even after power is removed. E.G. Floppy disk, USB, external hard drive, SD Card, etc.

Question 38

How can data on paper records be securely disposed of?

a) Formatting the paper
b) Shredding and burning the paper
c) Degaussing the paper
d) Encrypting the data on the paper

Answer 38

b) Shredding and burning the paper

To securely dispose of paper records, it is recommended to shred and burn the paper. This ensures that the information cannot be easily reconstructed or accessed by unauthorized individuals.

Question 39

What is one of the current trends in data destruction for hard disks?

a) Formatting the hard disk
b) Shredding the hard disk into fragments
c) Degaussing the hard disk
d) Encrypting the data on the hard disk

Answer 39

b) Shredding the hard disk into fragments

One of the current trends in data destruction for hard disks is physical destruction of the device, often by shredding it into small fragments. This ensures that the data stored on the hard disk is irrecoverable and cannot be accessed by anyone.