Physical Security Flashcards
What fencing height is likely to stop a determined intruder?
A. 3’ to 4’ high
B. 6’ to 7’ high
C. 8’ high and above with strands of barbed wire
D. No fence can stop a determined intruder
Answer: C
Explanation:
Lock picking is classified under which one of the following lock mechanism attacks? A. Illicit key B. Circumvention C. Manipulation D. Shimming
Answer: C
Explanation: Lock picking is manipulation of the tumblers.
The Physical Security domain addresses three areas that can be utilized to physically protect an enterprise’s resources and sensitive information. Which of the following is not one of these areas? A. Threats B. Countermeasures C. Vulnerabilities D. Risks
Answer: B
Explanation:
Which issue when selecting a facility site deals with the surrounding terrain, building markings and signs, and high or low population in the area?
A. surrounding area and external entities
B. natural disasters
C. accessibility
D. visibility
Answer:
D Explanation:
Which of the following is not a physical control for physical security? A. lighting B. fences C. training D. facility construction materials
Answer: C
Explanation:
The main risks that physical security components combat are all of the following EXCEPT: A. SYN flood B. physical damage C. theft D. availability
Answer:
A Explanation:
What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters? A. Central station alarm B. Proprietary alarm C. A remote station alarm D. An auxiliary station alarm
Answer: D
Explanation:
The Auxiliary Station should be the Correct answer.
Transmitted over Muniple system and rings at police/fire station. See the highlighted txt from “The CISSP Prep Guide Gold Edition” by Wiley page 51
Examples of types of physical access controls include all except which of the following? A. badges B. locks C. guards D. passwords
Answer: D
Explanation:
Which of the following is the most costly countermeasures to reducing physical security risks? A. procedural controls B. hardware devices C. electronic systems D. personnel
Answer: D
Explanation:
Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring? A. Wave pattern motion detectors B. Capacitance detectors C. Field-powered devices D. Audio detectors
Answer: B
Explanation: “Capacitance. Capacitance detectors monitor an electrical field surrounding the object being monitored. They are used for spot protection within a few inches of the object, rather than for overall room security monitoring used by wave detectors. Penetration of this field changes the electrical capacitance of the field enough to generate an alarm” - The CISSP® Prep Guide: Gold Edition by Wiley Publishing Page 480.
Which of the following questions is less likely to help in assessing physical access controls?
A. Does management regularly review the list of persons with physical access to sensitive facilities?
B. Is the operating system configured to prevent circumvention of the security software and application controls?
C. Are keys or other access devices needed to enter the computer room and media library?
D. Are visitors to sensitive areas signed in and escorted?
Answer: B
Explanation:
The concentric circle approach is used to
A. Evaluate environmental threats.
B. Assess the physical security facility,
C. Assess the communications network security.
D. Develop a personnel security program.
Answer: B
Explanation: The original answer for this question was C (assess the communications network security) however I think the concentric circle is defining what in the krutz book is know as the security perimeter. To this end this is a reference “A circular security perimeter that is under the access control defines the area or zone to be protected. Preventive/physical controls include fences, badges, multiple doors (man-traps that consists of two doors physically separated so that an individual can be ‘trapped’ in the space between the doors after entering one of the doors), magnetic card entry systems, biometrics (for identification), guards, dogs, environmental control systems (temperature, humidity, and so forth), and building and access area layout.” -Ronald Krutz The CISSP PREP Guide (gold edition) pg 13
ISC CISSP Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 318
This is a standard concentric circle model shown in Figure 1 . If you’ve never seen this, you haven’t had a security lecture. On the outside is our perimeter. We are fortunate to have some defenses on our base. Although some bases don’t have people guarding the gates and checking IDs any longer, there’s still the perception that it’s tougher to commit a crime on a Naval base than it would be at GM. The point is: How much control do we have over fencing and guards? The answer: Not much. The next circle, the red circle, contains your internal access controls. For our purposes, the heart of the red circle is the computer. That’s what I want to zero in on. The internal controls are the things you can do to keep people out of your PCs and off your network. http://www.chips.navy.mil/archives/96_oct/file5.htm
The MAIN reason for developing closed-circuit television (CCTV) as part of your physical security program is to
A. Provide hard evidence for criminal prosecution.
B. Apprehend criminals.
C. Deter criminal activity.
D. Increase guard visibility.
Answer: D
Explanation: A CCTV enables a guard to monitor many different areas at once from a centralized location. - Shon Harris All-in-one CISSP Certification Guide pg 179-180
Closed circuit TV is a feature of: A. Detective Physical Controls B. Corrective Physical Controls C. Corrective Logical Controls D. Logical Physical Controls
Answer: A
Explanation: Detective Physical Controls would use the following: motion detectors, closed circuit TV, sensors, and alarms.
Motion detector is a feature of: A. Corrective Logical Controls. B. Logical Physical Controls. C. Corrective Physical Controls. D. Detective Physical Controls.
Answer: D
Explanation: Detective Physical Controls would use the following: motion detectors, closed circuit TV, sensors, and alarms.
Which of the following is a physical control?
A. Monitoring of system activity
B. Environmental controls
C. Identification and authentication methods
D. Logical access control mechanisms
Answer: B
Explanation:
Which of the following is a detective control? A. Segregation of duties B. Back-up procedures C. Audit trails D. Physical access control
Answer: C
Explanation:
The basic Electronic Access Control (EAC) components required for access doors are an electromagnetic lock,
A. A credential reader, and a door closed sensor.
B. A card reader, and a door open sensor.
C. A biometric reader, and a door open sensor.
D. A card reader, and door motion detector.
Answer: A
Explanation: We have not been able to find any reference to this question really. So we are going with “A credential reader, and a door closed sensor”.
“In addition to smart and dumb cards, proximity readers can be used to control physical access. A proximity reader can be passive device, a field-powered device, or a transponder.” - Ed Tittle CISSP Study Guide (sybex) pg 650
Which of the following control pairing places emphasis on "soft" mechanisms that support the access control objectives? A. Preventive/Technical Pairing B. Preventive/Administrative Pairing C. Preventive/Physical Pairing D. Detective/Administrative Pairing
Answer: B
Explanation: “Preventive-Administrative The following are the soft mechanisms that are put into place to enforce access control and protection for the company as a whole: Policies and procedures Effective hiring practices Pre-employment background checks Controlled termination processes Data classification and labeling Security awareness”
Pg. 157 Shon Harris: All-In-One CISSP Certification Guide.
Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and the backing up of files are some of the examples of: A. Administrative controls B. Logical controls C. Technical controls D. Physical controls
Answer: D
Explanation:
Which of the following is NOT a type of motion detector? A. photoelectric sensor B. wave pattern C. capacitance D. audio detector
Answer: D
Explanation: Audio detector detects sound not motion Not A: A photoelectric sensor is a motion sensor that’s what it was designed to do.
Which of the following measures would be the BEST deterrent to the theft of corporate information from a laptop which was left in a hotel room?
A. Store all data on disks and lock them in an in-room safe
B. Remove the batteries and power supply from the laptop and store them separately from the computer
C. Install a cable lock on the laptop when it is unattended
D. Encrypt the data on the hard drive
Answer: D
Explanation: To encrypt the data on the hard drive is the best deterrent for information theft (not however the best for physical theft).
Guards are appropriate whenever the function required by the security program involves which of the following?
A. The use of discriminating judgment
B. The use of physical force
C. The operation of access control devices
D. The need to detect unauthorized access
Answer: A
Explanation:
Which of the following floors would be most appropriate to locate information processing facilities in a 6-stories building? A. Basement B. Ground floor C. Third floor D. Sixth floor
Answer: C
Explanation:
Which of the following risk will most likely affect confidentiality, integrity and availability?
A. Physical damage
B. Unauthorized disclosure of information
C. Loss of control over system
D. Physical theft
Answer: D
Explanation:
Which is the last line of defense in a physical security sense? A. people B. interior barriers C. exterior barriers D. perimeter barriers
Answer: A
Explanation:
The recording of events with a closed-circuit TV camera is considered a: A. Preventative control B. Detective control C. Compensating control D. Corrective Control
Answer: B
Explanation:
Sensor is: A. Logical, Physical B. Corrective, Logical C. Detective, Physical D. Corrective, Physical
Answer: C
Explanation: Detective Physical Controls would use the following: motion detectors, closed circuit TV, sensors, and alarms.
What fencing height is likely to stop a determined intruder?
A. 3’ to 4’ high
B. 6’ to 7’ high
C. 8’ high and above with strands of barbed wire
D. No fence can stop a determined intruder
Answer: C
Reference: “2.4 meters/8 feet with top guard: Deters determined intruder”. Pg 467 Hansche: Official (ISC)2 Guide to the CISSP Exam
A controlled light fixture mounted on a 5-meter pole can illuminate an area 30 meter in diameter.
For security lighting purposes, what would be the proper distance between fixtures?
A. 25 meters
B. 30 meters
C. 35 meters
D. 40 meters
Answer: A
Explanation: The answer should be 25 meters: If a lamp provides a 30 foot illumination, the lamps should be placed less than 30 feet apart to provide an overlap. A 30 meter coverage area mean the next light should be less than 30 meters away, and the only answer that fits is 25 meters. Chapter 6, page 459 of Shon Harris CISSP 5th edition book.
Critical areas should be lighted: A. Eight feet high and two feet out B. Eight feet high and four feet out C. Ten feet high and four feet out D. Ten feet high and six feet out
Answer: A
Explanation:
Which of the following statements regarding an off-site information processing facility is TRUE?
A. It should have the same amount of physical access restrictions as the primary processing unit
B. It should be located in proximity to the originating site so that it can quickly be made operational
C. It should be easily identified from the outside so in the event of an emergency it can be easily found
D. Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive
Answer: A
Explanation:
Which of the following is electromagnetic interference (EMI) that is noise from the radiation generated by the difference between the hot and ground wires? A. common-mode noise B. traverse-mode noise C. transversal-mode noise D. crossover-mode noise
Answer: A
Explanation:
Which of the following is NOT a precaution you can take to reduce static electricity? A. power line conditioning B. anti-static sprays C. maintain proper humidity levels D. anti-static flooring
Answer: A
Explanation:
Devices that supply power when the commercial utility power system fails are called which of the following? A. power conditioners B. uninterruptible power supplies C. power filters D. power dividers
Answer: B
Explanation:
A prolonged high voltage is a: A. spike B. blackout C. surge D. fault
Answer: C
Explanation:
A prolonged power supply that is below normal voltage is a: A. brownout B. blackout C. surge D. fault
Answer: A
Explanation:
A prolonged power outage is a: A. brownout B. blackout C. surge D. fault
Answer: B
Explanation:
A momentary power outage is a: A. spike B. blackout C. surge D. fault
Answer: D
Explanation:
What can be defined as a momentary low voltage? A. Spike B. Sag C. Fault D. Brownout
Answer: B
Explanation:
Electrical systems are the lifeblood of computer operations. The continued supply of clean, steady power is required to maintain the proper personnel environment as well as to sustain data operations. Which of the following is not an element that can threaten power systems? A. Noise B. Humidity C. Brownouts D. UPS
Answer:
D Explanation:
Under what conditions would use of a “Class C” hand-held fire extinguisher be preferable to use of a “Class A” hand-held fire extinguisher?
A. When the fire is in its incipient stage
B. When the fire involves electrical equipment
C. When the fire is located in an enclosed area
D. When the fire is caused by flammable products
Answer: B
Explanation:
Which of the following is a class C fire? A. electrical B. liquid C. common combustibles D. soda acid
Answer: A
Explanation:
Which of the following is not a EPA-approved replacement for Halon? A. Water B. Argon C. NAF-S-III D. Bromine
Answer: D
Explanation:
Which of the following suppresses combustion through a chemical reaction that kills the fire? A. Halon B. Co2 C. water D. soda acid
Answer: A
Explanation:
Which of the following is a class A fire? A. common combustibles B. liquid C. electrical D. Halon
Answer: A
Explanation:
To be in compliance with the Montreal Protocol, which of the following options can be taken to refill a Halon flooding system in the event that Halon is fully discharged in the computer room?
A. Order an immediate refill with Halon 1201 from the manufacture
B. Contact a Halon recycling bank to make arrangements for a refill
C. Order a different chlorofluorocarbon compound from the manufacture
D. Order an immediate refill with Halon 1301 from the manufacture
Answer: B
Explanation:
Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A extinguisher?
A. When the fire involves paper products
B. When the fire is caused by flammable products
C. When the fire involves electrical equipment
D. When the fire is in an enclosed area
Answer: C
Explanation:
Which of the following is true about a “dry pipe” sprinkler system?
A. It is a substitute for carbon dioxide systems
B. It maximizes chances of accidental discharge of water
C. it minimizes chances of accidental discharge of water
D. It uses less water than “wet pipe” systems
Answer: C
Explanation:
Under what conditions would use of a “Class C” hand-held fire extinguisher be preferable to use of a “Class A” hand-held fire extinguisher?
A. When the fire is in its incipient stage B. When the fire involves electrical equipment C. When the fire is located in an enclosed area D. When the fire is caused by flammable products
Answer: B
Explanation:
Which fire class can water be most appropriate for? A. Class A fires B. Class B fires C. Class C fires D. Class D fires
Answer: A
Explanation:
What category of water sprinkler system is currently the most recommended water system for a computer room? A. Dry Pipe sprinkler system B. Wet Pipe sprinkler system C. Pre-action sprinkler system D. Deluge sprinkler system
Answer: C
Explanation:
Which of the following is currently the most recommended water system for a computer room? A. pre-action B. wet pipe C. dry pipe D. deluge
Answer: A
Reference: pg 496 Hansche: Official (ISC)2 Guide to the CISSP Exam
According to the ISC2, what should be the fire rating for the walls of an information processing facility?
A. All walls must have a one-hour minimum fire rating
B. All walls must have a one-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a two-hour minimum fire rating
C. All walls must have a two-hour minimum fire rating
D. All walls must have a two-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a three-hour minimum fire rating.
Answer: C
Explanation:
Which of the following suppresses the fuel supply of the fire? A. soda acid B. Co2 C. Halon D. water
Answer: A
Explanation:
Which of the following is true about a “dry pipe” sprinkler system?
A. It is a substitute for carbon dioxide systems
B. It maximizes chances of accidental discharge of water
C. It minimizes chances of accidental discharge of water
D. It uses less water than “wet pipe” systems
Answer: C
Explanation:
The most prevalent cause of computer center fires is which of the following? A. AC equipment B. electrical distribution systems C. heating systems D. natural causes
Answer: B
Explanation:
What fire suppression system can be used in computer rooms that will not
damage computers and is safe for humans?
A. Water
B. FM200
C. Halon
D. CO2
Answer: B
Reference: http://www.fireline.com/fl_fm200firesuppression.html
FM-200 Systems
FM-200 Fire Suppression Systems - Halon Alternatives Fire Protection Systems
FM200 is a fire suppression system agent manufactured by Great Lakes Chemical.
How FM200 Suppresses Fire
FM200 suppresses fire by discharging as a gas onto the surface of combusting materials. Large amounts of heat energy are absorbed from the surface of the burning material, lowering it’s temperature below the ignition point.
FM200 Fire Suppression Systems and the Environment
FM200 fire suppression systems have low atmospheric lifetimes, global warming, and ozone depletion potentials. Unlike Halon 1301 fire suppression systems, FM200 systems are environmentally friendly. They provide an effective, safe method of special hazards fire suppression
where a non-residue producing clean agent is essential.
The following are fire detector types EXCEPT: A. smoke activated B. flame actuated C. acoustical-seismic detection system D. heat activated
Answer: C
Explanation:
Which fire class can water be most appropriate for? A. Class A fires B. Class B fires C. Class C fires D. Class D fires
Answer: A
Explanation: “Fire Extinguisher Classes
ClassTypeSuppression Material ACommon combustiblesWater, soda acid (dry powder) BLiquidsCO2 , Halon, soda acid CElectricalCO2, Halon” Pg. 578 Tittel: CISSP Study Guide
Which one of the following actions should be taken FIRST after a fire has been detected? A. Turn off power to the computers B. Call the fire department C. Notify management D. Evacuate all personnel
Answer: D
Explanation: Protection of life is of the utmost importance and should be dealt with first before looking to save material objects. . - Shon Harris All-in-one CISSP Certification Guide pg 625
Which of the following provides coordinated procedures for minimizing loss of life or injury and protecting property damage in response to a physical threat? A. Business continuity plan B. Incident response plan C. Disaster recovery plan D. Occupant emergency plan
Answer: D
Explanation: “Occupant Emergency Plan (OEP). The OEP is a document providing coordinated procedures for minimizing loss of life or injury and protecting property damage in response to a physical threat. It does not necessarily deal with business systems or IT system functionality, but rather focuses on personnel and property at a specific facility.” Pg 666 Hansche: Official (ISC)2 Guide to the CISSP Exam
Disaster Recovery Plan emergency produces is a plan of action that commences immediately to prevent or minimize property damage and to: A. Prevent interruption of service. B. Minimize embarrassment. C. Prevent loss of life. D. Evacuate the facility.
Answer: C
Explanation: Protection of life is of the utmost importance and should be dealt with first before looking to save material objects. - Shon Harris All-in-one CISSP Certification Guide pg 625
What is the PRIMARY concern during a disaster? A. Recover of the critical functions. B. Availability of a hot site. C. Acceptable outage duration. D. Personnel safety.
Answer: D
Explanation: Personal safety goes way above and beyond all other things, unless you’re a rescue worker, and even then safety is still priority #1. Recovering critical functions and down time are not the MOST important concerns; Data can be recovered, a potential life loss cannot be. Making Personal safety of the utmost important
