Physical Security Flashcards

1
Q

What fencing height is likely to stop a determined intruder?
A. 3’ to 4’ high
B. 6’ to 7’ high
C. 8’ high and above with strands of barbed wire
D. No fence can stop a determined intruder

A

Answer: C
Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
Lock picking is classified under which one of the following lock mechanism attacks?    
A. Illicit key 
B. Circumvention 
C. Manipulation 
D. Shimming
A

Answer: C
Explanation: Lock picking is manipulation of the tumblers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
The Physical Security domain addresses three areas that can be utilized to physically protect an enterprise’s resources and sensitive information. Which of the following is not one of these areas?  
A. Threats 
B. Countermeasures 
C. Vulnerabilities 
D. Risks
A

Answer: B
Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which issue when selecting a facility site deals with the surrounding terrain, building markings and signs, and high or low population in the area?
A. surrounding area and external entities
B. natural disasters
C. accessibility
D. visibility

A

Answer:

D Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
Which of the following is not a physical control for physical security?  
A. lighting 
B. fences 
C. training 
D. facility construction materials
A

Answer: C
Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
The main risks that physical security components combat are all of the following EXCEPT: 
A. SYN flood 
B. physical damage 
C. theft 
D. availability
A

Answer:

A Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q
What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters?  
A. Central station alarm 
B. Proprietary alarm 
C. A remote station alarm
D. An auxiliary station alarm
A

Answer: D
Explanation:
The Auxiliary Station should be the Correct answer.
Transmitted over Muniple system and rings at police/fire station. See the highlighted txt from “The CISSP Prep Guide Gold Edition” by Wiley page 51

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
Examples of types of physical access controls include all except which of the following?  
A. badges 
B. locks 
C. guards 
D. passwords
A

Answer: D
Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
Which of the following is the most costly countermeasures to reducing physical security risks?  
A. procedural controls 
B. hardware devices 
C. electronic systems 
D. personnel
A

Answer: D
Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q
Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring?  
A. Wave pattern motion detectors 
B. Capacitance detectors 
C. Field-powered devices 
D. Audio detectors
A

Answer: B
Explanation: “Capacitance. Capacitance detectors monitor an electrical field surrounding the object being monitored. They are used for spot protection within a few inches of the object, rather than for overall room security monitoring used by wave detectors. Penetration of this field changes the electrical capacitance of the field enough to generate an alarm” - The CISSP® Prep Guide: Gold Edition by Wiley Publishing Page 480.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which of the following questions is less likely to help in assessing physical access controls?
A. Does management regularly review the list of persons with physical access to sensitive facilities?
B. Is the operating system configured to prevent circumvention of the security software and application controls?
C. Are keys or other access devices needed to enter the computer room and media library?
D. Are visitors to sensitive areas signed in and escorted?

A

Answer: B
Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The concentric circle approach is used to
A. Evaluate environmental threats.
B. Assess the physical security facility,
C. Assess the communications network security.
D. Develop a personnel security program.

A

Answer: B
Explanation: The original answer for this question was C (assess the communications network security) however I think the concentric circle is defining what in the krutz book is know as the security perimeter. To this end this is a reference “A circular security perimeter that is under the access control defines the area or zone to be protected. Preventive/physical controls include fences, badges, multiple doors (man-traps that consists of two doors physically separated so that an individual can be ‘trapped’ in the space between the doors after entering one of the doors), magnetic card entry systems, biometrics (for identification), guards, dogs, environmental control systems (temperature, humidity, and so forth), and building and access area layout.” -Ronald Krutz The CISSP PREP Guide (gold edition) pg 13
ISC CISSP Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 318
This is a standard concentric circle model shown in Figure 1 . If you’ve never seen this, you haven’t had a security lecture. On the outside is our perimeter. We are fortunate to have some defenses on our base. Although some bases don’t have people guarding the gates and checking IDs any longer, there’s still the perception that it’s tougher to commit a crime on a Naval base than it would be at GM. The point is: How much control do we have over fencing and guards? The answer: Not much. The next circle, the red circle, contains your internal access controls. For our purposes, the heart of the red circle is the computer. That’s what I want to zero in on. The internal controls are the things you can do to keep people out of your PCs and off your network. http://www.chips.navy.mil/archives/96_oct/file5.htm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

The MAIN reason for developing closed-circuit television (CCTV) as part of your physical security program is to
A. Provide hard evidence for criminal prosecution.
B. Apprehend criminals.
C. Deter criminal activity.
D. Increase guard visibility.

A

Answer: D
Explanation: A CCTV enables a guard to monitor many different areas at once from a centralized location. - Shon Harris All-in-one CISSP Certification Guide pg 179-180

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
Closed circuit TV is a feature of:   
A. Detective Physical Controls 
B. Corrective Physical Controls 
C. Corrective Logical Controls 
D. Logical Physical Controls
A

Answer: A
Explanation: Detective Physical Controls would use the following: motion detectors, closed circuit TV, sensors, and alarms.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
Motion detector is a feature of:    
A. Corrective Logical Controls. 
B. Logical Physical Controls. 
C. Corrective Physical Controls. 
D. Detective Physical Controls.
A

Answer: D
Explanation: Detective Physical Controls would use the following: motion detectors, closed circuit TV, sensors, and alarms.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following is a physical control?
A. Monitoring of system activity
B. Environmental controls
C. Identification and authentication methods
D. Logical access control mechanisms

A

Answer: B
Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q
Which of the following is a detective control?  
A. Segregation of duties 
B. Back-up procedures 
C. Audit trails 
D. Physical access control
A

Answer: C
Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

The basic Electronic Access Control (EAC) components required for access doors are an electromagnetic lock,
A. A credential reader, and a door closed sensor.
B. A card reader, and a door open sensor.
C. A biometric reader, and a door open sensor.
D. A card reader, and door motion detector.

A

Answer: A
Explanation: We have not been able to find any reference to this question really. So we are going with “A credential reader, and a door closed sensor”.
“In addition to smart and dumb cards, proximity readers can be used to control physical access. A proximity reader can be passive device, a field-powered device, or a transponder.” - Ed Tittle CISSP Study Guide (sybex) pg 650

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q
Which of the following control pairing places emphasis on "soft" mechanisms that support the access control objectives?
A. Preventive/Technical Pairing 
B. Preventive/Administrative Pairing 
C. Preventive/Physical Pairing 
D. Detective/Administrative Pairing
A

Answer: B
Explanation: “Preventive-Administrative The following are the soft mechanisms that are put into place to enforce access control and protection for the company as a whole: Policies and procedures Effective hiring practices Pre-employment background checks Controlled termination processes Data classification and labeling Security awareness”
Pg. 157 Shon Harris: All-In-One CISSP Certification Guide.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q
Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and the backing up of files are some of the examples of:  
A. Administrative controls 
B. Logical controls 
C. Technical controls 
D. Physical controls
A

Answer: D
Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q
Which of the following is NOT a type of motion detector?  
A. photoelectric sensor 
B. wave pattern 
C. capacitance 
D. audio detector
A

Answer: D
Explanation: Audio detector detects sound not motion Not A: A photoelectric sensor is a motion sensor that’s what it was designed to do.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Which of the following measures would be the BEST deterrent to the theft of corporate information from a laptop which was left in a hotel room?
A. Store all data on disks and lock them in an in-room safe
B. Remove the batteries and power supply from the laptop and store them separately from the computer
C. Install a cable lock on the laptop when it is unattended
D. Encrypt the data on the hard drive

A

Answer: D
Explanation: To encrypt the data on the hard drive is the best deterrent for information theft (not however the best for physical theft).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Guards are appropriate whenever the function required by the security program involves which of the following?
A. The use of discriminating judgment
B. The use of physical force
C. The operation of access control devices
D. The need to detect unauthorized access

A

Answer: A
Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q
Which of the following floors would be most appropriate to locate information processing facilities in a 6-stories building?  
A. Basement 
B. Ground floor 
C. Third floor 
D. Sixth floor
A

Answer: C
Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Which of the following risk will most likely affect confidentiality, integrity and availability?
A. Physical damage
B. Unauthorized disclosure of information
C. Loss of control over system
D. Physical theft

A

Answer: D
Explanation:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q
Which is the last line of defense in a physical security sense?  
A. people 
B. interior barriers 
C. exterior barriers 
D. perimeter barriers
A

Answer: A
Explanation:

27
Q
The recording of events with a closed-circuit TV camera is considered a:  
A. Preventative control 
B. Detective control 
C. Compensating control 
D. Corrective Control
A

Answer: B
Explanation:

28
Q
Sensor is:    
A. Logical, Physical 
B. Corrective, Logical 
C. Detective, Physical 
D. Corrective, Physical
A

Answer: C
Explanation: Detective Physical Controls would use the following: motion detectors, closed circuit TV, sensors, and alarms.

29
Q

What fencing height is likely to stop a determined intruder?
A. 3’ to 4’ high
B. 6’ to 7’ high
C. 8’ high and above with strands of barbed wire
D. No fence can stop a determined intruder

A

Answer: C
Reference: “2.4 meters/8 feet with top guard: Deters determined intruder”. Pg 467 Hansche: Official (ISC)2 Guide to the CISSP Exam

30
Q

A controlled light fixture mounted on a 5-meter pole can illuminate an area 30 meter in diameter.
For security lighting purposes, what would be the proper distance between fixtures?
A. 25 meters
B. 30 meters
C. 35 meters
D. 40 meters

A

Answer: A
Explanation: The answer should be 25 meters: If a lamp provides a 30 foot illumination, the lamps should be placed less than 30 feet apart to provide an overlap. A 30 meter coverage area mean the next light should be less than 30 meters away, and the only answer that fits is 25 meters. Chapter 6, page 459 of Shon Harris CISSP 5th edition book.

31
Q
Critical areas should be lighted:  
A. Eight feet high and two feet out 
B. Eight feet high and four feet out 
C. Ten feet high and four feet out 
D. Ten feet high and six feet out
A

Answer: A
Explanation:

32
Q

Which of the following statements regarding an off-site information processing facility is TRUE?
A. It should have the same amount of physical access restrictions as the primary processing unit
B. It should be located in proximity to the originating site so that it can quickly be made operational
C. It should be easily identified from the outside so in the event of an emergency it can be easily found
D. Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive

A

Answer: A
Explanation:

33
Q
Which of the following is electromagnetic interference (EMI) that is noise from the radiation generated by the difference between the hot and ground wires?  
A. common-mode noise 
B. traverse-mode noise 
C. transversal-mode noise 
D. crossover-mode noise
A

Answer: A
Explanation:

34
Q
Which of the following is NOT a precaution you can take to reduce static electricity?  
A. power line conditioning 
B. anti-static sprays 
C. maintain proper humidity levels 
D. anti-static flooring
A

Answer: A
Explanation:

35
Q
Devices that supply power when the commercial utility power system fails are called which of the following?  
A. power conditioners 
B. uninterruptible power supplies 
C. power filters 
D. power dividers
A

Answer: B
Explanation:

36
Q
A prolonged high voltage is a:  
A. spike 
B. blackout 
C. surge 
D. fault
A

Answer: C
Explanation:

37
Q
A prolonged power supply that is below normal voltage is a:  
A. brownout 
B. blackout 
C. surge
D. fault
A

Answer: A
Explanation:

38
Q
A prolonged power outage is a:  
A. brownout 
B. blackout 
C. surge 
D. fault
A

Answer: B
Explanation:

39
Q
A momentary power outage is a:  
A. spike 
B. blackout 
C. surge 
D. fault
A

Answer: D
Explanation:

40
Q
What can be defined as a momentary low voltage?  
A. Spike 
B. Sag 
C. Fault 
D. Brownout
A

Answer: B
Explanation:

41
Q
Electrical systems are the lifeblood of computer operations. The continued supply of clean, steady power is required to maintain the proper personnel environment as well as to sustain data operations. Which of the following is not an element that can threaten power systems?  
A. Noise 
B. Humidity 
C. Brownouts 
D. UPS
A

Answer:

D Explanation:

42
Q

Under what conditions would use of a “Class C” hand-held fire extinguisher be preferable to use of a “Class A” hand-held fire extinguisher?
A. When the fire is in its incipient stage
B. When the fire involves electrical equipment
C. When the fire is located in an enclosed area
D. When the fire is caused by flammable products

A

Answer: B
Explanation:

43
Q
Which of the following is a class C fire?  
A. electrical 
B. liquid 
C. common combustibles 
D. soda acid
A

Answer: A
Explanation:

44
Q
Which of the following is not a EPA-approved replacement for Halon?  
A. Water 
B. Argon 
C. NAF-S-III 
D. Bromine
A

Answer: D
Explanation:

45
Q
Which of the following suppresses combustion through a chemical reaction that kills the fire?  
A. Halon 
B. Co2 
C. water 
D. soda acid
A

Answer: A
Explanation:

46
Q
Which of the following is a class A fire?  
A. common combustibles 
B. liquid 
C. electrical 
D. Halon
A

Answer: A
Explanation:

47
Q

To be in compliance with the Montreal Protocol, which of the following options can be taken to refill a Halon flooding system in the event that Halon is fully discharged in the computer room?
A. Order an immediate refill with Halon 1201 from the manufacture
B. Contact a Halon recycling bank to make arrangements for a refill
C. Order a different chlorofluorocarbon compound from the manufacture
D. Order an immediate refill with Halon 1301 from the manufacture

A

Answer: B
Explanation:

48
Q

Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A extinguisher?
A. When the fire involves paper products
B. When the fire is caused by flammable products
C. When the fire involves electrical equipment
D. When the fire is in an enclosed area

A

Answer: C
Explanation:

49
Q

Which of the following is true about a “dry pipe” sprinkler system?
A. It is a substitute for carbon dioxide systems
B. It maximizes chances of accidental discharge of water
C. it minimizes chances of accidental discharge of water
D. It uses less water than “wet pipe” systems

A

Answer: C
Explanation:

50
Q

Under what conditions would use of a “Class C” hand-held fire extinguisher be preferable to use of a “Class A” hand-held fire extinguisher?
A. When the fire is in its incipient stage B. When the fire involves electrical equipment C. When the fire is located in an enclosed area D. When the fire is caused by flammable products

A

Answer: B
Explanation:

51
Q
Which fire class can water be most appropriate for?  
A. Class A fires 
B. Class B fires 
C. Class C fires 
D. Class D fires
A

Answer: A
Explanation:

52
Q
What category of water sprinkler system is currently the most recommended water system for a computer room?  
A. Dry Pipe sprinkler system 
B. Wet Pipe sprinkler system 
C. Pre-action sprinkler system 
D. Deluge sprinkler system
A

Answer: C
Explanation:

53
Q
Which of the following is currently the most recommended water system for a computer room?  
A. pre-action 
B. wet pipe 
C. dry pipe 
D. deluge
A

Answer: A
Reference: pg 496 Hansche: Official (ISC)2 Guide to the CISSP Exam

54
Q

According to the ISC2, what should be the fire rating for the walls of an information processing facility?
A. All walls must have a one-hour minimum fire rating
B. All walls must have a one-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a two-hour minimum fire rating
C. All walls must have a two-hour minimum fire rating
D. All walls must have a two-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a three-hour minimum fire rating.

A

Answer: C
Explanation:

55
Q
Which of the following suppresses the fuel supply of the fire?  
A. soda acid 
B. Co2 
C. Halon 
D. water
A

Answer: A
Explanation:

56
Q

Which of the following is true about a “dry pipe” sprinkler system?
A. It is a substitute for carbon dioxide systems
B. It maximizes chances of accidental discharge of water
C. It minimizes chances of accidental discharge of water
D. It uses less water than “wet pipe” systems

A

Answer: C
Explanation:

57
Q
The most prevalent cause of computer center fires is which of the following?  
A. AC equipment 
B. electrical distribution systems 
C. heating systems 
D. natural causes
A

Answer: B
Explanation:

58
Q

What fire suppression system can be used in computer rooms that will not
damage computers and is safe for humans?
A. Water
B. FM200
C. Halon
D. CO2

A

Answer: B
Reference: http://www.fireline.com/fl_fm200firesuppression.html
FM-200 Systems
FM-200 Fire Suppression Systems - Halon Alternatives Fire Protection Systems
FM200 is a fire suppression system agent manufactured by Great Lakes Chemical.
How FM200 Suppresses Fire
FM200 suppresses fire by discharging as a gas onto the surface of combusting materials. Large amounts of heat energy are absorbed from the surface of the burning material, lowering it’s temperature below the ignition point.
FM200 Fire Suppression Systems and the Environment
FM200 fire suppression systems have low atmospheric lifetimes, global warming, and ozone depletion potentials. Unlike Halon 1301 fire suppression systems, FM200 systems are environmentally friendly. They provide an effective, safe method of special hazards fire suppression
where a non-residue producing clean agent is essential.

59
Q
The following are fire detector types EXCEPT:  
A. smoke activated 
B. flame actuated 
C. acoustical-seismic detection system 
D. heat activated
A

Answer: C
Explanation:

60
Q
Which fire class can water be most appropriate for?  
A. Class A fires 
B. Class B fires 
C. Class C fires 
D. Class D fires
A

Answer: A
Explanation: “Fire Extinguisher Classes
ClassTypeSuppression Material ACommon combustiblesWater, soda acid (dry powder) BLiquidsCO2 , Halon, soda acid CElectricalCO2, Halon” Pg. 578 Tittel: CISSP Study Guide

61
Q
Which one of the following actions should be taken FIRST after a fire has been detected?    
A. Turn off power to the computers 
B. Call the fire department 
C. Notify management 
D. Evacuate all personnel
A

Answer: D
Explanation: Protection of life is of the utmost importance and should be dealt with first before looking to save material objects. . - Shon Harris All-in-one CISSP Certification Guide pg 625

62
Q
Which of the following provides coordinated procedures for minimizing loss of life or injury and protecting property damage in response to a physical threat?  
A. Business continuity plan 
B. Incident response plan 
C. Disaster recovery plan 
D. Occupant emergency plan
A

Answer: D
Explanation: “Occupant Emergency Plan (OEP). The OEP is a document providing coordinated procedures for minimizing loss of life or injury and protecting property damage in response to a physical threat. It does not necessarily deal with business systems or IT system functionality, but rather focuses on personnel and property at a specific facility.” Pg 666 Hansche: Official (ISC)2 Guide to the CISSP Exam

63
Q
Disaster Recovery Plan emergency produces is a plan of action that commences immediately to prevent or minimize property damage and to:    
A. Prevent interruption of service. 
B. Minimize embarrassment. 
C. Prevent loss of life. 
D. Evacuate the facility.
A

Answer: C
Explanation: Protection of life is of the utmost importance and should be dealt with first before looking to save material objects. - Shon Harris All-in-one CISSP Certification Guide pg 625

64
Q
What is the PRIMARY concern during a disaster?    
A. Recover of the critical functions. 
B. Availability of a hot site. 
C. Acceptable outage duration. 
D. Personnel safety.
A

Answer: D
Explanation: Personal safety goes way above and beyond all other things, unless you’re a rescue worker, and even then safety is still priority #1. Recovering critical functions and down time are not the MOST important concerns; Data can be recovered, a potential life loss cannot be. Making Personal safety of the utmost important