Q&As Flashcards
When conducting a thorough vulnerability analysis, which of the following is a step in identifying preventive measures?
a) Determine and evaluate significant threats, hazards and exposure to determine the likelihood of occurrence.
b) Identify the assets of the organization and determine the asset value as determined by management.
c) Identify the threats to the organization and determine the impact of a loss to the organization.
d) Interview employees to understand their experiences with loss events.
Determine and evaluate significant threats, hazards and exposure to determine the likelihood of occurrence.
The process of assessing security-related risks from internal and external threats to an entity, its assets and personnel, is called a ________________.
a) Vulnerability Assessment
b) Risk Assessment
c) Security Survey
d) Loss Event Profile
Risk Assessment
This is considered the most common reliable tool for determining adequacy and foreseeability and focuses on:
The risks to the physical assets and property
The protection measures (against any risk) that comprise the realm of physical security
Measuring three basic factors: quality, reliability and cost
This process is called a ________________.
a) Risk Analysis
b) Vulnerability Analysis
c) Security Survey
d) Loss Event Survey
Security Survey
These are described as the most important written instructions for the security force which express the policies of the protected enterprise, summarize required officer duties and provide a basis for site-specific training. They are called:
a) Corporate Policy & Procedures
b) Security Department Policy & Procedures
c) Security Post Orders
d) Security Training Manual
Security Post Orders
In the following formula, what does K equal?
K = Cp + Ct + Cr + Ci − I
Cp = cost of permanent replacement
Ct = cost of temporary substitute
Cr = total related costs (remove old asset, install new, etc.)
Ci = lost income cost
I = available insurance or indemnity
a) Return on Investment (ROI)
b) Cost of Loss (COL)
c) Avoided Cost of Loss (ACOL)
d) Incident Frequency Factor (IFF)
Cost of Loss (COL)
Which of the following processes places more focus on evaluating vulnerabilities?
a) Risk Assessment
b) Security Survey
c) Loss Event Likelihood Profile
d) Loss Event Impact Profile
Security Survey
Which of the following is suggested as part of evaluating an Inadvertent Threat?
a) Long-term data collected on weather and other natural hazards, terrains, and environments.
b) Evaluate information provided by neighboring businesses for natural events which have caused losses.
c) Unexpected natural events can occur so some degree of all-hazard preparedness is evaluated.
d) Utility interruptions, closure of access routes, unwanted attention or traffic, full or partial operation shutdowns and productivity disruptions.
Utility interruptions, closure of access routes, unwanted attention or traffic, full or partial operation shutdowns and productivity disruptions.
A measure which is based on a reference that involves at least two points, quantity over time, is called a ___________.
a) Qualitative process
b) Measurement indicator.
c) Quantity over time process.
d) Metric indicator.
Metric indicator.
A list of the kinds of threats or hazards affecting the assets to be protected in an organization is called a _____ _______ Profile.
a) Asset Identification
b) Loss Event
c) Loss Impact
d) Security Survey
Loss Event Profile
Collecting site historical loss data, neighborhood makeup/historical loss data, overall geographical location, political and social conditions is involved in the process of determining a loss event’s ________.
a) Impact
b) Criticality
c) Likelihood
d) Observability
Likelihood
When evaluating PPS solutions, including engineering, design, hardware and software costs is part of ______________.
a) Threat assessments
b) Life cycle cost estimates
c) Cost of loss estimations
d) Loss event likelihood estimates
Life cycle cost estimates
“A weakness or organizational practice that may facilitate or allow a threat to be implemented or increase the magnitude of a loss event” is a definition of which of the following?
a) Loss event
b) Vulnerability
c) Risk
d) Criticality
Vulnerability
(SAMPLE RISK MATRIX) High-Medium-Low/Low-Moderate-High
The above matrix is an example of a _________ evaluation.
a) Quantitative
b) Qualitative
c) Substantive
d) Objective
Qualitative
Which of the following is a TRUE statement regarding threats and vulnerabilities?
a) Vulnerability is a characteristic of the organization and controllable to some degree.
b) Threats are a characteristic of the organization and controllable to some degree.
c) Vulnerabilities are usually outside the control of the organization.
d) Threats are all predictable using a properly applied threat assessment process.
Vulnerability is a characteristic of the organization and controllable to some degree.
Which of the following is considered part of developing an effective PPS using security-in-depth principles of the 4-D’s?
a) Deter, detect, delay, and deny
b) Deter, detect, delay, and dispatch
c) Detect, delay, dispatch and detain
d) Detect, delay, deny and dispatch
Deter, detect, delay, and deny
Which of the following is considered a “Direct Cost” when considering the costs of loss?
a) Long-term negative consumer perception.
b) Higher wages needed to attract future employees.
c) Deductible expenses on insurance claims.
d) Employee turnover due to poor employee morale.
Deductible expenses on insurance claims.
Which of the following is considered an “Indirect Cost” when considering the costs of loss?
a) Additional public relations costs to overcome poor image.
b) Punitive damage awards not covered by insurance.
c) Management time dealing with a disaster.
d) Lost business from immediate post-risk incident.
Additional public relations costs to overcome poor image.
A risk mitigation technique which provides for purchasing insurance to mitigate the security risk is BEST described as which of the following?
a) Risk Acceptance
b) Risk Assumption
c) Risk Limitation
d) Risk Transfer
Risk Transfer
When applying risk mitigation techniques, it is often not practical to address all identified risks, so which of the following statements BEST explains how to mitigate the risk?
a) Priority should be given to the threat and vulnerability that have the most likelihood to occur.
b) Priority should be given to the asset–threat and vulnerability that have the potential to cause significant impact.
c) Priority should be given to the asset and vulnerability risk with highest likelihood.
d) Priority should be given to the asset and threat risk with highest likelihood.
Priority should be given to the asset–threat and vulnerability that have the potential to cause significant impact.
Based on simulation or actual tests, one can compute the time an access control system will take to process the peak number of access requests. For an efficient access control system, response time at any card reader should be no longer than ___________ at peak load.
a) 2 seconds
b) 5 seconds
c) 30 seconds
d) 60 seconds
2 seconds
“These diagrams show complete security subsystems, including all the devices and how they are connected in a building or campus.” These diagrams are BEST described as:
a) Elevation drawings
b) Plan drawings
c) Riser drawings
d) Details drawings
Riser drawings
This type of drawing shows an area in map-like form to specify where at a particular site the security devices are located. What type of drawing is this?
a) Plan Drawing
b) Elevation Drawing
c) Details Drawing
d) Riser Drawing
Plan Drawing
A risk mitigation technique which provides for the application of physical security, policy and procedures, and deployed security officers, all integrated to mitigate the security risk, is BEST described as which of the following?
a) Risk Acceptance
b) Risk Assumption
c) Risk Limitation
d) Risk Transfer
Risk Limitation
Which of the following is considered to have the most significant implementation cost as a risk mitigation measure?
a) Risk Transfer
b) Risk Avoidance
c) Risk Assumption
d) Site Hardening
Site Hardening
Which of the following is considered the MOST IMPORTANT phase in the PPS Life Cycle?
a) Planning Phase
b) Design and Estimation Phase
c) Procurement Phase
d) Testing and Warranty Phase
Planning Phase
In this part of the Life Cycle Phase, security staff and other members of the project team develop all the necessary documentation to support the procurement of the PPS. This is BEST described in which phase?
a) The Planning Phase
b) The Design and Estimation Phase
c) The Procurement Phase
d) The Installation, Operation and Training Phase
The Design and Estimation Phase
When tests are performed by the implementation team which involve equipment, personnel, procedures, or any combination that simulate realistic conditions and provide conclusive evidence about the effectiveness of the security system, this is BEST described as which of the following?
a) Procurement Phase
b) Installation, Operation and Training Phase
c) Commissioning and Warranty Phase
d) Maintenance, Evaluation and Replacement Phase
Commissioning and Warranty Phase