Physical Security

Question 1

What can be done locally to secure switches and routers? (Choose two.)

Cable lock.

Use SSH instead of Telnet.

Set a console port password.

Disable unused ports.

Answer 1

Set a console port password.

Disable unused ports.

A console port enables a local user to plug a cable into the router or switch to administer the device locally, so a strong password is recommended. Disabling unused switch ports and router interfaces prevents unauthorized people from gaining access to the device or the network

Question 2

Which of the following would not be a physical security concern?

USB flash drive

Workstation

USB mouse

Answer 2

USB mouse

A Universal Serial Bus (USB) mouse does not store data and does not grant access to data, so it is not a security concern

Question 3

You are configuring an uninterruptible power supply (UPS) for your three servers such that in the event of a power failure, the servers will shut down gracefully. Which term best describes this configuration?

Fail-open

Fail-safe

False positive

Answer 3

Fail-safe

Fail-safe is a term meaning a response to a failure will result in the least amount of damage. For example, during a power outage, servers connected to the uninterruptible power supply (UPS) will have enough power to shut down properly

Question 4

In the event of a physical security breach, what can you do to secure data in your server room? (Choose three.)

Install a UPS.

Use TPM.

Prevent booting from removal devices.

Lock the server chassis.

Answer 4

Use TPM.

Prevent booting from removal devices.

Lock the server chassis.

A Trusted Platform Module (TPM) is a chip used with hard disk encryption. Data on disks taken from one TPM system and placed in another TPM or non-TPM machine will not be accessible. Preventing removable media boot is critical, because many free tools can reset administrative passwords this way. Physically locking the server chassis further deters an intruder from stealing physical hard disks

Question 5

What can limit the data emanation from electromagnetic radio frequencies?

Faraday cage

Antistatic wrist strap

ESD mat

Answer 5

Faraday cage

Data emanation results from the electromagnetic field generated by a network cable or network device, which can be manipulated to eavesdrop on conversations or to steal data. Faraday cages enclose electronic equipment to prevent data emanation or to protect components from external static charges

Question 6

How can security guards verify whether somebody is authorized to access a facility? (Choose two.)

Employee ID badge

Username and password

Access list

Smart card

Answer 6

Employee ID badge

Access list

An employee ID badge enables physical verification that somebody is allowed to access a building. An access list defines who is allowed to access a facility

Question 7

Which of the following is the first step in preventing physical security breaches?

Firewall

IDS

Perimeter fencing and gates

Answer 7

Perimeter fencing and gates

The first step in physical security involves perimeter fencing and gates to prevent intruders from getting on the property

Question 8

While reviewing facility entry points, you decide to replace existing doors with ones that will stay locked during power outages. Which term best describes this feature?

Fail-secure

Fault-tolerant

Fail-safe

Answer 8

Fail-secure

Fail-secure systems ensure that a component failure (such as a power source) will not compromise security; in this case, the doors will stay locked

Question 9

What advantages do human security guards have over video camera surveillance systems? (Choose two.)

Human security guards have more detailed memory than saved video surveillance.

Human security guards can notice abnormal circumstances.

Human security guards can detect smells.

Human security guards can recall sounds more accurately than saved video surveillance.

Answer 9

Human security guards can notice abnormal circumstances.

Human security guards can detect smells.

Video surveillance systems cannot detect smells or notice anything out of the ordinary, as a human security guard could

Question 10

A data center IT director requires the ability to analyze facility physical security breaches after they have occurred. Which of the following present the best solutions? (Choose two.)

Motion sensor logs

Laser security system

Mantrap

Software video surveillance system

Answer 10

Motion sensor logs

Software video surveillance system

Motion sensor logs can track a perpetrator’s position more accurately than most video systems; however, software video surveillance can be played back and used to physically identify unauthorized people. To conserve disk space, most solutions record only when there is motion

Question 11

Which of the following physical access control methods do not normally identify who has entered a secure area? (Choose two.)

Mantrap

Hardware locks

Fingerprint scan

Smart card

Answer 11

Mantrap

Hardware locks

Mantraps are designed to trap trespassers in a restricted area. Some mantrap variations use two sets of doors, one of which must close before the second one opens. Traditional mantraps do not require access cards. Hardware locks simply require possession of a key, although proper physical key management is necessary to track key issuance and return. Neither reveals the person’s identity

Question 12

You would like to minimize disruption to your IT infrastructure. Which of the following environmental factors should you monitor? (Choose three.)

Air flow

Tape backups

Server hard disk encryption

Humidity

Power

Answer 12

Air flow

Humidity

Power

Enterprise-class environmental monitoring solutions track a variety of items such as air flow, humidity, and power availability. Any of these variables could create unfavorable conditions in a server room resulting in server downtime

Question 13

Your company has moved to a new location where a server room is being built. The server room currently has a water sprinkler system in case of fire. Regarding fire suppression, what should you suggest?

Keep the existing water sprinkler system.

Purchase a smoke detection waterless fire suppression system.

Place a fire extinguisher in the server room.

Answer 13

Purchase a smoke detection waterless fire suppression system.

Assuming local building codes allow, you should suggest waterless fire suppression systems, because they will not damage or corrode computer systems or components like water will

Question 14

A data center administrator uses thermal imaging to identify hot spots in a large data center. She then arranges rows of rack-mounted servers such that cool air is directed to server fan inlets and hot air is exhausted out of the building. Which of the following terms best define this scenario?

HVAC

Form factoring

Hot and cold aisles

Answer 14

Hot and cold aisles

Hot and cold aisles are an important consideration in data center cooling. Equipment layout and raised floors to distribute cold air are a few examples of the specifics involved

Question 15

Which access control method electronically logs entry into a facility?

Picture ID card

Security guard and log book

Proximity card

Answer 15

Proximity card

Proximity cards must be positioned within a few inches of the reader to register the card number and either allow or deny access to a facility. All access is logged electronically without the need of a physical log book or security guard

Question 16

A top-secret pharmaceutical research laboratory building uses CAT 6 network cabling. The company requires no disruption or interception of Bluetooth, network, or video monitor transmissions. What should the company consider?

Wireless networking with WPA2 Enterprise

EMI shielding for the building

Fiber-optic cabling

Answer 16

EMI shielding for the building

Electromagnetic interference (EMI) can disrupt network transmissions. CAT 6 cabling consists of four twisted copper wire pairs. As such, CAT 6 is susceptible to wiretap eavesdropping. Video screen emissions can be captured with the correct equipment. Screen filters should be physically installed to ensure that only the user directly in front of the monitor can see the display. All of these factors put a top-secret facility at risk. The best solution is to shield the entire facility

Question 17

You are consulting with a client regarding a new facility. Access to the building must be restricted to only those who know an access code. What might you suggest?

Cipher lock

Deadbolt lock

Store the code in a safe

Answer 17

Cipher lock

Cipher locks are electronic keypads whereby authorized people enter an access code to gain access to a room or a building. All the user needs to know is an access code; no physical card is required

Question 18

Over the last month, servers have been mysteriously shutting down for no apparent reason. Servers restart normally only to shut down again eventually. Servers are fully patched, and virus scanners are up to date. Which of the following is the most likely reason for these failures?

The server room temperature is too hot.

The server room temperature is too cool.

The servers are infected with a virus.

Answer 18

The server room temperature is too hot.

A hot server room is most likely the problem since the servers are fully patched and properly protected. An HVAC technician should be consulted

Question 19

What should be done in facility parking lots to ensure employee safety?

Install a barricade.

Install proper lighting.

Install an exit sign.

Answer 19

Install proper lighting.

Proper lighting in parking lots reduces the likelihood of attacks or muggings perpetrated against employees

Question 20

Which of the following statements regarding wired networks are correct? (Choose two.)

They are slower than wireless networks.

They are faster than wireless networks.

Cable runs should be installed in conduits.

Cable runs should be exposed to facilitate troubleshooting.

Answer 20

They are faster than wireless networks.

Cable runs should be installed in conduits.

Generally speaking, wired networks are faster than wireless networks. The Protected Distribution System (PDS) dictates that cables should not be easily physical accessible, and one way to achieve this is to install cables in conduits. This reduces the likelihood of tampering and eavesdropping

Question 21

You are considering options for securing the windows in your facility. Which of the following might you consider?

PDS

Closed-circuit sensor

CCTV

Answer 21

Closed-circuit sensor

Closed-circuit sensors use a variety of mechanisms such that when a window is open, an alarm is triggered. Many alarms that detect motion use infrared beams that, when broken, trigger the alarm