Physical Security Flashcards
What can be done locally to secure switches and routers? (Choose two.)
Cable lock.
Use SSH instead of Telnet.
Set a console port password.
Disable unused ports.
Set a console port password.
Disable unused ports.
A console port enables a local user to plug a cable into the router or switch to administer the device locally, so a strong password is recommended. Disabling unused switch ports and router interfaces prevents unauthorized people from gaining access to the device or the network
Which of the following would not be a physical security concern?
USB flash drive
Workstation
USB mouse
USB mouse
A Universal Serial Bus (USB) mouse does not store data and does not grant access to data, so it is not a security concern
You are configuring an uninterruptible power supply (UPS) for your three servers such that in the event of a power failure, the servers will shut down gracefully. Which term best describes this configuration?
Fail-open
Fail-safe
False positive
Fail-safe
Fail-safe is a term meaning a response to a failure will result in the least amount of damage. For example, during a power outage, servers connected to the uninterruptible power supply (UPS) will have enough power to shut down properly
In the event of a physical security breach, what can you do to secure data in your server room? (Choose three.)
Install a UPS.
Use TPM.
Prevent booting from removal devices.
Lock the server chassis.
Use TPM.
Prevent booting from removal devices.
Lock the server chassis.
A Trusted Platform Module (TPM) is a chip used with hard disk encryption. Data on disks taken from one TPM system and placed in another TPM or non-TPM machine will not be accessible. Preventing removable media boot is critical, because many free tools can reset administrative passwords this way. Physically locking the server chassis further deters an intruder from stealing physical hard disks
What can limit the data emanation from electromagnetic radio frequencies?
Faraday cage
Antistatic wrist strap
ESD mat
Faraday cage
Data emanation results from the electromagnetic field generated by a network cable or network device, which can be manipulated to eavesdrop on conversations or to steal data. Faraday cages enclose electronic equipment to prevent data emanation or to protect components from external static charges
How can security guards verify whether somebody is authorized to access a facility? (Choose two.)
Employee ID badge
Username and password
Access list
Smart card
Employee ID badge
Access list
An employee ID badge enables physical verification that somebody is allowed to access a building. An access list defines who is allowed to access a facility
Which of the following is the first step in preventing physical security breaches?
Firewall
IDS
Perimeter fencing and gates
Perimeter fencing and gates
The first step in physical security involves perimeter fencing and gates to prevent intruders from getting on the property
While reviewing facility entry points, you decide to replace existing doors with ones that will stay locked during power outages. Which term best describes this feature?
Fail-secure
Fault-tolerant
Fail-safe
Fail-secure
Fail-secure systems ensure that a component failure (such as a power source) will not compromise security; in this case, the doors will stay locked
What advantages do human security guards have over video camera surveillance systems? (Choose two.)
Human security guards have more detailed memory than saved video surveillance.
Human security guards can notice abnormal circumstances.
Human security guards can detect smells.
Human security guards can recall sounds more accurately than saved video surveillance.
Human security guards can notice abnormal circumstances.
Human security guards can detect smells.
Video surveillance systems cannot detect smells or notice anything out of the ordinary, as a human security guard could
A data center IT director requires the ability to analyze facility physical security breaches after they have occurred. Which of the following present the best solutions? (Choose two.)
Motion sensor logs
Laser security system
Mantrap
Software video surveillance system
Motion sensor logs
Software video surveillance system
Motion sensor logs can track a perpetrator’s position more accurately than most video systems; however, software video surveillance can be played back and used to physically identify unauthorized people. To conserve disk space, most solutions record only when there is motion
Which of the following physical access control methods do not normally identify who has entered a secure area? (Choose two.)
Mantrap
Hardware locks
Fingerprint scan
Smart card
Mantrap
Hardware locks
Mantraps are designed to trap trespassers in a restricted area. Some mantrap variations use two sets of doors, one of which must close before the second one opens. Traditional mantraps do not require access cards. Hardware locks simply require possession of a key, although proper physical key management is necessary to track key issuance and return. Neither reveals the person’s identity
You would like to minimize disruption to your IT infrastructure. Which of the following environmental factors should you monitor? (Choose three.)
Air flow
Tape backups
Server hard disk encryption
Humidity
Power
Air flow
Humidity
Power
Enterprise-class environmental monitoring solutions track a variety of items such as air flow, humidity, and power availability. Any of these variables could create unfavorable conditions in a server room resulting in server downtime
Your company has moved to a new location where a server room is being built. The server room currently has a water sprinkler system in case of fire. Regarding fire suppression, what should you suggest?
Keep the existing water sprinkler system.
Purchase a smoke detection waterless fire suppression system.
Place a fire extinguisher in the server room.
Purchase a smoke detection waterless fire suppression system.
Assuming local building codes allow, you should suggest waterless fire suppression systems, because they will not damage or corrode computer systems or components like water will
A data center administrator uses thermal imaging to identify hot spots in a large data center. She then arranges rows of rack-mounted servers such that cool air is directed to server fan inlets and hot air is exhausted out of the building. Which of the following terms best define this scenario?
HVAC
Form factoring
Hot and cold aisles
Hot and cold aisles
Hot and cold aisles are an important consideration in data center cooling. Equipment layout and raised floors to distribute cold air are a few examples of the specifics involved
Which access control method electronically logs entry into a facility?
Picture ID card
Security guard and log book
Proximity card
Proximity card
Proximity cards must be positioned within a few inches of the reader to register the card number and either allow or deny access to a facility. All access is logged electronically without the need of a physical log book or security guard
A top-secret pharmaceutical research laboratory building uses CAT 6 network cabling. The company requires no disruption or interception of Bluetooth, network, or video monitor transmissions. What should the company consider?
Wireless networking with WPA2 Enterprise
EMI shielding for the building
Fiber-optic cabling
EMI shielding for the building
Electromagnetic interference (EMI) can disrupt network transmissions. CAT 6 cabling consists of four twisted copper wire pairs. As such, CAT 6 is susceptible to wiretap eavesdropping. Video screen emissions can be captured with the correct equipment. Screen filters should be physically installed to ensure that only the user directly in front of the monitor can see the display. All of these factors put a top-secret facility at risk. The best solution is to shield the entire facility
You are consulting with a client regarding a new facility. Access to the building must be restricted to only those who know an access code. What might you suggest?
Cipher lock
Deadbolt lock
Store the code in a safe
Cipher lock
Cipher locks are electronic keypads whereby authorized people enter an access code to gain access to a room or a building. All the user needs to know is an access code; no physical card is required
Over the last month, servers have been mysteriously shutting down for no apparent reason. Servers restart normally only to shut down again eventually. Servers are fully patched, and virus scanners are up to date. Which of the following is the most likely reason for these failures?
The server room temperature is too hot.
The server room temperature is too cool.
The servers are infected with a virus.
The server room temperature is too hot.
A hot server room is most likely the problem since the servers are fully patched and properly protected. An HVAC technician should be consulted
What should be done in facility parking lots to ensure employee safety?
Install a barricade.
Install proper lighting.
Install an exit sign.
Install proper lighting.
Proper lighting in parking lots reduces the likelihood of attacks or muggings perpetrated against employees
Which of the following statements regarding wired networks are correct? (Choose two.)
They are slower than wireless networks.
They are faster than wireless networks.
Cable runs should be installed in conduits.
Cable runs should be exposed to facilitate troubleshooting.
They are faster than wireless networks.
Cable runs should be installed in conduits.
Generally speaking, wired networks are faster than wireless networks. The Protected Distribution System (PDS) dictates that cables should not be easily physical accessible, and one way to achieve this is to install cables in conduits. This reduces the likelihood of tampering and eavesdropping
You are considering options for securing the windows in your facility. Which of the following might you consider?
PDS
Closed-circuit sensor
CCTV
Closed-circuit sensor
Closed-circuit sensors use a variety of mechanisms such that when a window is open, an alarm is triggered. Many alarms that detect motion use infrared beams that, when broken, trigger the alarm
