Physical Security Flashcards
What fencing height is likely to stop a determined intruder?
A. 3’ to 4’ high
B. 6’ to 7’ high
C. 8’ high and above with strands of barbed wire
D. No fence can stop a determined intruder
Answer: C
Explanation:
Lock picking is classified under which one of the following lock mechanism attacks? A. Illicit key B. Circumvention C. Manipulation D. Shimming
Answer: C
Explanation: Lock picking is manipulation of the tumblers.
The Physical Security domain addresses three areas that can be utilized to physically protect an enterprise’s resources and sensitive information. Which of the following is not one of these areas? A. Threats B. Countermeasures C. Vulnerabilities D. Risks
Answer: B
Explanation:
Which issue when selecting a facility site deals with the surrounding terrain, building markings and signs, and high or low population in the area?
A. surrounding area and external entities
B. natural disasters
C. accessibility
D. visibility
Answer:
D Explanation:
Which of the following is not a physical control for physical security? A. lighting B. fences C. training D. facility construction materials
Answer: C
Explanation:
The main risks that physical security components combat are all of the following EXCEPT: A. SYN flood B. physical damage C. theft D. availability
Answer:
A Explanation:
What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters? A. Central station alarm B. Proprietary alarm C. A remote station alarm D. An auxiliary station alarm
Answer: D
Explanation:
The Auxiliary Station should be the Correct answer.
Transmitted over Muniple system and rings at police/fire station. See the highlighted txt from “The CISSP Prep Guide Gold Edition” by Wiley page 51
Examples of types of physical access controls include all except which of the following? A. badges B. locks C. guards D. passwords
Answer: D
Explanation:
Which of the following is the most costly countermeasures to reducing physical security risks? A. procedural controls B. hardware devices C. electronic systems D. personnel
Answer: D
Explanation:
Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring? A. Wave pattern motion detectors B. Capacitance detectors C. Field-powered devices D. Audio detectors
Answer: B
Explanation: “Capacitance. Capacitance detectors monitor an electrical field surrounding the object being monitored. They are used for spot protection within a few inches of the object, rather than for overall room security monitoring used by wave detectors. Penetration of this field changes the electrical capacitance of the field enough to generate an alarm” - The CISSP® Prep Guide: Gold Edition by Wiley Publishing Page 480.
Which of the following questions is less likely to help in assessing physical access controls?
A. Does management regularly review the list of persons with physical access to sensitive facilities?
B. Is the operating system configured to prevent circumvention of the security software and application controls?
C. Are keys or other access devices needed to enter the computer room and media library?
D. Are visitors to sensitive areas signed in and escorted?
Answer: B
Explanation:
The concentric circle approach is used to
A. Evaluate environmental threats.
B. Assess the physical security facility,
C. Assess the communications network security.
D. Develop a personnel security program.
Answer: B
Explanation: The original answer for this question was C (assess the communications network security) however I think the concentric circle is defining what in the krutz book is know as the security perimeter. To this end this is a reference “A circular security perimeter that is under the access control defines the area or zone to be protected. Preventive/physical controls include fences, badges, multiple doors (man-traps that consists of two doors physically separated so that an individual can be ‘trapped’ in the space between the doors after entering one of the doors), magnetic card entry systems, biometrics (for identification), guards, dogs, environmental control systems (temperature, humidity, and so forth), and building and access area layout.” -Ronald Krutz The CISSP PREP Guide (gold edition) pg 13
ISC CISSP Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 318
This is a standard concentric circle model shown in Figure 1 . If you’ve never seen this, you haven’t had a security lecture. On the outside is our perimeter. We are fortunate to have some defenses on our base. Although some bases don’t have people guarding the gates and checking IDs any longer, there’s still the perception that it’s tougher to commit a crime on a Naval base than it would be at GM. The point is: How much control do we have over fencing and guards? The answer: Not much. The next circle, the red circle, contains your internal access controls. For our purposes, the heart of the red circle is the computer. That’s what I want to zero in on. The internal controls are the things you can do to keep people out of your PCs and off your network. http://www.chips.navy.mil/archives/96_oct/file5.htm
The MAIN reason for developing closed-circuit television (CCTV) as part of your physical security program is to
A. Provide hard evidence for criminal prosecution.
B. Apprehend criminals.
C. Deter criminal activity.
D. Increase guard visibility.
Answer: D
Explanation: A CCTV enables a guard to monitor many different areas at once from a centralized location. - Shon Harris All-in-one CISSP Certification Guide pg 179-180
Closed circuit TV is a feature of: A. Detective Physical Controls B. Corrective Physical Controls C. Corrective Logical Controls D. Logical Physical Controls
Answer: A
Explanation: Detective Physical Controls would use the following: motion detectors, closed circuit TV, sensors, and alarms.
Motion detector is a feature of: A. Corrective Logical Controls. B. Logical Physical Controls. C. Corrective Physical Controls. D. Detective Physical Controls.
Answer: D
Explanation: Detective Physical Controls would use the following: motion detectors, closed circuit TV, sensors, and alarms.
Which of the following is a physical control?
A. Monitoring of system activity
B. Environmental controls
C. Identification and authentication methods
D. Logical access control mechanisms
Answer: B
Explanation:
Which of the following is a detective control? A. Segregation of duties B. Back-up procedures C. Audit trails D. Physical access control
Answer: C
Explanation:
The basic Electronic Access Control (EAC) components required for access doors are an electromagnetic lock,
A. A credential reader, and a door closed sensor.
B. A card reader, and a door open sensor.
C. A biometric reader, and a door open sensor.
D. A card reader, and door motion detector.
Answer: A
Explanation: We have not been able to find any reference to this question really. So we are going with “A credential reader, and a door closed sensor”.
“In addition to smart and dumb cards, proximity readers can be used to control physical access. A proximity reader can be passive device, a field-powered device, or a transponder.” - Ed Tittle CISSP Study Guide (sybex) pg 650
Which of the following control pairing places emphasis on "soft" mechanisms that support the access control objectives? A. Preventive/Technical Pairing B. Preventive/Administrative Pairing C. Preventive/Physical Pairing D. Detective/Administrative Pairing
Answer: B
Explanation: “Preventive-Administrative The following are the soft mechanisms that are put into place to enforce access control and protection for the company as a whole: Policies and procedures Effective hiring practices Pre-employment background checks Controlled termination processes Data classification and labeling Security awareness”
Pg. 157 Shon Harris: All-In-One CISSP Certification Guide.
Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and the backing up of files are some of the examples of: A. Administrative controls B. Logical controls C. Technical controls D. Physical controls
Answer: D
Explanation:
Which of the following is NOT a type of motion detector? A. photoelectric sensor B. wave pattern C. capacitance D. audio detector
Answer: D
Explanation: Audio detector detects sound not motion Not A: A photoelectric sensor is a motion sensor that’s what it was designed to do.
Which of the following measures would be the BEST deterrent to the theft of corporate information from a laptop which was left in a hotel room?
A. Store all data on disks and lock them in an in-room safe
B. Remove the batteries and power supply from the laptop and store them separately from the computer
C. Install a cable lock on the laptop when it is unattended
D. Encrypt the data on the hard drive
Answer: D
Explanation: To encrypt the data on the hard drive is the best deterrent for information theft (not however the best for physical theft).
Guards are appropriate whenever the function required by the security program involves which of the following?
A. The use of discriminating judgment
B. The use of physical force
C. The operation of access control devices
D. The need to detect unauthorized access
Answer: A
Explanation:
Which of the following floors would be most appropriate to locate information processing facilities in a 6-stories building? A. Basement B. Ground floor C. Third floor D. Sixth floor
Answer: C
Explanation:
Which of the following risk will most likely affect confidentiality, integrity and availability?
A. Physical damage
B. Unauthorized disclosure of information
C. Loss of control over system
D. Physical theft
Answer: D
Explanation: