Sample Questions Flashcards by garima goswamy

This type of ethics is most relevant to business, is active and applies ethical concepts in specific business situations. This form of ethics makes specific judgements about right and wrong and prescribes types of behaviour as ethical in the context of an activity. It makes claims about what should be done and what may not be done. This is best described as:

Applied ethics

How well did you know this?

Not at all

Perfectly

This aspect of emergency management encompasses actions taken before an event to plan, organize, equip, train and exercise in order to deal with emergencies that cannot be avoided or entirely mitigated. This is called

Preparedness

How well did you know this?

Not at all

Perfectly

This ASIS/ANSI ORM Security and Resilience in Organizations and Their Supply Chains (2017) outlines a risk assessment process. Which of the following describes the process?

Asset identification, risk identification, risk analysis and risk evaluation

How well did you know this?

Not at all

Perfectly

When presenting a business case, this should tell the complete story of the case as it may be the only part of the document that some senior managers read, providing general information on the issues surrounding the business problem or project. The part of the business case that BEST describes this is which of the following?

Executive Summary

How well did you know this?

Not at all

Perfectly

The plan do act check cycle has a step which looks at the planning analysis, then devises a solution, prioritizes the next steps and develops a detailed action plan. This step is referred to as which part of the cycle?

How well did you know this?

Not at all

Perfectly

The integration of traditional security functions and information (systems), IT security functions is known as

Convergence

How well did you know this?

Not at all

Perfectly

Which of the following statements is true when interviewing a stuspect for a company internal theft?
The suspect should be made to be uncomfortable as possible in the interview room.
An audio or video recording of the interview is a valuable tool for confirming statements made by all persons present.
An audio or video recording of the interview is obstructive and may be contrary to law.
The interview is conducted in any location, preferably not at the workplace.

An audio or video recording of the interview is a valuable tool for confirming statements made by all persons present.

How well did you know this?

Not at all

Perfectly

Scams and phishing schemes are used to infect victims with ransomware, a process of encrypting a user’s files and then demanding payment to decrypt them. This type of cyber attack is also know as
Cryptography
Email compromise scheme
Social engineering attack
Cryptoware

Cryptoware

How well did you know this?

Not at all

Perfectly

Which of the following statements concerning interviewing and deception is true?
Deceptive persons answer questions in a direct, straghtforward, spontaneous and sincere manner
Some behavioural characteristics that suggest deception may also be displayed by truthful subject.
The assessment of a subject’s truthfulness is based on a single bahviour pattern
A single word or behaviour characteristics automatically means a person is lying or telling the truth.

Some behavioural characteristics that suggest deception may also be displayed by truthful subject.

How well did you know this?

Not at all

Perfectly

There are three main characteristics of intrusion sensor performance. They are probability of detection, vulnerability to defeat and which of the following?
Detection capability
Bypass capability
Detection technology
Nuisance alarm rates

Nuisance alarm rates

How well did you know this?

Not at all

Perfectly

The practice of borrowing capital to purchase assets that can increase revenue is called which of the following?
Banking
Leveraging
Loaning
Averaging

Leveraging

How well did you know this?

Not at all

Perfectly

This maneragial task involves connecting different people and functions to achieve cooperation to enable a stated goal to be achieved. A good manager must have a broader view and understanding of what is happening and what needs to be done to synchronise different deparments working to bring them together with the right end goal in mind. This statement defines which of the following?
Planning
Organizing
Directing
Coordinating

Coordinating

How well did you know this?

Not at all

Perfectly

These specifications make it easier to design systems and sell equipment across borders. Which of the following help establish design requirements for devices, systems and infrastructure to withstand threats?
Analysis
Standards
Specifications
Assessments

Standards

How well did you know this?

Not at all

Perfectly

When using a third party investigator to conduct pre employment background investigations, which of the following statements is correct?
The accountability for the final evaluation of the background investigation remains with the employer
Person’s with any form of criminal history should never be recommended for hiring.
The age of any adverse information and the age of the applicant at the time of the adverse incident is not relevant.
The third party’s judgment of the background investigation is considered final.

The accountability for the final evaluation of the background investigation remains with the employer

How well did you know this?

Not at all

Perfectly

A company is interested in purchasing property overseas. They decide to conduct an investigation to evaluate the current property owners, the location, the finances, and operations of the target property. Which of the following best describes this type of investigation?
Background
Compliance
Due Diligence
Financial

Due diligence

How well did you know this?

Not at all

Perfectly

Which of the following BEST describes the following?
The equipment is primarily used to
Detect activities that call for a security response
Collect images of an incident for later review
Assist with incident assessment
Video surveillance
Access control
Incident detection
CCTV surveillance

Video surveillance

How well did you know this?

Not at all

Perfectly

Which statement BEST describes non verbal responses?
Voice characteristics such as tone, pitch, speed and clarity
Body movements and position changes, gestures, facial expressions and eye contact.
Both spoken words and gestures that serve as word substitutes, such as nodding the head to indicate yes.
Voice characteristics and body movements that indicate deception.

Body movements and position changes, gestures, facial expressions and eye contact.

How well did you know this?

Not at all

Perfectly

If an executive from the organization is kidnapped and made incapable of running the company, the organization can expect three types of financial losses. One of these is:
The government finding the organization for failing to provide adequate security.
The subsequent lawsuit for the executive’s family for the loss of the executive
The executive’s services will be lost either temporarily or permanently. which can be costly.
The costly loss of corporate revenue

The executive’s services will be lost either temporarily or permanently. which can be costly.

How well did you know this?

Not at all

Perfectly

Which describes an investigative interview’s attentiveness, concentration, acceptance, detachment and patience. this best decribes which of the following skills?
Active listening
Objective demeanour
Non verbal attention
Interviewer attentiveness

Active listening

How well did you know this?

Not at all

Perfectly

ABC corporagtion has a management style where managers and supervisors guide their employees towards achieving organization’s obectives. The workers enjoy a higher workplace morale and are happy they work with management towards success. This type of management is known as which of the following?
Employee driven
Autocratic
Laissez Faire
Democratic

Democratic

How well did you know this?

Not at all

Perfectly

Which of the following BEST describes the document that tells how much money an organization generates (revenue), how much it spends (expenses) and the difference between those figures (net income)?
Income statement
Expense sheet
Cash flow statement
Balance sheet

Income statement

How well did you know this?

Not at all

Perfectly

DEF Company is an electronics hardware receiving, storing, and shipping consumer electronics. The company’s security director conducted a vulnerability analysis and reported that a lack of physical security controls exist to control thefts. Additionally, the company has no data on product losses, nor does a fraud or theft prevention program exist. These vulnerabilities are best described as?
A perceived opportunity to commit theft or fraud
Employees with previous criminal convictions will be tempted to steal
Employees with a lifestyle that is beyond their financial obligation.
A perceived need to steal electronics

A perceived opportunity to commit theft or fraud

How well did you know this?

Not at all

Perfectly

A security weakness or practice that may faciliate or allow a threat to occur defines which of the following?
Vulnerability
Risk
Loss event
Criticality

Vulnerability

How well did you know this?

Not at all

Perfectly

Three financial reports or statements have become accepted as standard and they make it possible to paint a clear picture of a company’s current and prospective financial health. They are:
the balance sheet, portfolio ratio and cash flow statement
The income statement, profit and loss and cash flow statement
The income sheet, profit ratio and cash flow statement
The income statement, balance sheet and cash flow statement

The income statement, balance sheet and cash flow statement

How well did you know this?

Not at all

Perfectly

Which of the following statements best describes ISO industry standards? ISO standards address training, employee competencies, products, rpocesses and quality control ISO standards often become recognized as industry best practices and becomes market requirements ISO regulates, legislates and enforces compliances to standards. ISO is governmental organization

ISO standards often become recognized as industry best practices and becomes market requirements

Information warrenting protection must be appropriately identified and marked using various levels to distinguish the degree of sensitivity, confidentiality, restricted, limited, non public etc. Who in the organization is best suited to define the security level? The originator of the information The IT security manager The security manager The IT manager

The originator of the information

Documented security instructions or standard operating procedures useed as an essnetial reference for security personnel to know what is expected of them is also called Security training manual Security department policy and procedures Corporate policy and procedures Security post orders

Security Post Orders

This detector can use buried cable or transmitting and receiving signals relying on consistent reception of transmitted or reflected energy. When energy levels change due to a reflection or deflection, an alarm is transmitted. This is called ________ detection. Vibration Infrared Microware Capacitance

Microwave

When an investigator is questioning an employee who is suspected of stealing funds from the organization, this is best described as an: Informational interview Interview Non accusatory interview Confrontational interview

Confrontational interview

ABC inc decided to reduce the risk of theft by spreading valuable assets to various locations, while applying target hardening strategies and countermeasures. However, a risk of the theft remains. This is referred to as Residual threat Residual risk Risk spreading Residual impact

Residual risk

Which of the following statement BEST describes a CCTV camera's field of view? The area visible through the camera lens The location or area intended to be observed The function of a CCTV camera which best controls colour rendition The view from the camera that is recorded

The area visible through the camera lens

No matter how an adversary attempts to accomplish their goal, effective elemetns of the physical protection systems will be encoutered. This is BESt described to as which of the following? Design criteria Performance based design Balanced protection Conceptual design criteria

Balanced protection

ABC Inc's information system human resources files have been compromised and an unknown cyber criminal is demanding a payment of USD 1 million or they will release the confidential information onto public internet. This type of threat is known as which of the following? Phishing Malware Virus ware Ransomware

Ransomware

When designing the physical security protection for the facility, this layer of security measures included protective lighting, intrusion detection systems, locks, signs, barriers such as fencing, and building exterior walls and openings. this BEST describes which layer or protection? Outer Perimeter Middle Inner

Middle

Cyber criminals were disguising themselves as members from ABC Inc human resource group and contacted employees of ABC Inc asking recipients for their username and passwords. This type of threat is known as Ransomware Phishing Malware Virusware

Ransomware

The following theory asserts that a person's behaviour is driven by basic needs at different levels and is still widely recommended to analyse individual employee motivation. This is referred to which of the following? Motivation Hygiene Theory McGregor's Theory Maslow's Theory Hertzberg's Theory

Maslow's Theory

To monitor and measure an organization's risk management performance, a set of performance indicators should be developed to measure both the management systems and its outcomes. Measurements should meet which of the following metrics? Quantitative or qualitative Qualitative Quantitative Quantitative and SMART

Qualitative or quantitative

ABC Inc installed perimeter fence at the local warehouse. Which of the following best describes the application of this measure? Deterrence and response Delay and response Access control and delay Access control and deterrence

Access control and deterrence

According to most international legal requirements, these do not have to be registered to be protected. Nevertheless, a person can formalize ownership through government registration, which may help any later enforcement actions. This applies to which of the following? Patents Trademark Trade secrets Copyrights

Copyrights

A security officer deployment configuration where a proprietary supervisor oversee contract front line officers is know as Contract Principle-Agent Proprietary Principal-Agent Hybrid Principal-Agent Contract-Agent

Hybrid Principal-Agent

Which of the following best describes ESRM ESRM assigns determined risks to specific programs ESRM is an element of an existing security program within the organzation ESRM is management program or process using a strategic approach. ESRM is built around existing security programs in the organization including sub programs.

ESRM is management program or process using a strategic approach.

In a bomb threat assessment, the threat evaluation team is an important asset. Which of the following statements is correct? The TET can manage several different sites The team's final decisions are made by several members A record keeper is an important part of the team A large team is better than a smaller team

A record keeper is an important part of the team

An organiztion is planning highly sensitive meetings, involving information which would be considered highly confidential and proprietary and not intended for disclosure. The organization wants employement services, equipment and techniques designed to locate, identify and neutralize covert technical surveillance devices, which may be in or near the meeting areas. Which type of services BEST describes what the organization needs? Contracted counter surveillance Technical surveillance countermeasures Contracted investigation services Technical security services

Technical surveillance countermeasures

When conducting a security survey which of the following should be the focus of the assessment? Threats Consequences Assets Vulnerabilities

Vulnerabilities

Private and personal information pertaining to an organization's employees, management, business relationships, and customers is also often referred to as Employee Personnel Records Organization's Personnel Records Trade Secrets Personally Identifiable information

Personally Identifiable information

In ESRM, who owns the risk decisions for identifable assets? The security manager The supervisors and managers The asset owner The employees and non employees

The asset owner

To ensure sustained longevity and success, there are four critical concepts tht comprisethe foundation of ESRM. They are holistic risk management, partnership with stakeholders, transparency and which of the following? Resilience Preparedness Governance Convergence

Governance

The primary goal of an interview is which of the following? Admission of guilt Truthful information Recollection of facts Confession to a crime

Truthful information

This is measured in terms of frequency or probability, where frequency is the number of times an undesired event happens in a defined time period. this is called Observability Impact Criticality Likelihood

Likelihood

Programs developed and implemented prior to an incident used to support mitigation of, response to, and recovery from emergencies is referred to as which of the following? Mitigation Recovery Preparedness Response

Preparedness

Tom, the CSO at DEF Inc, has a leadership style where he perceives subordinates need direct supervision and instructions to their complete work. This describes which of the following leadership styles? Laissez-faire Behavioural Authoritarian Democratic

Authoritarian

CPTED is the design or redesign of a venue to reduce crime opportunity and fear of crime through natural, mechanical, and procedufral means. CPTED is a crime prevention theory grounded in environmental criminology. CPTED primarily focuses on which of the following physical protection system principles? Delay Deterrence Detection Response

Deterrence

The Plan-Do-Check-Act (PDCA) cycle has a step where one examines the solutions devised to address the problem. The point is to check whether the solutions are producing outcomes that are consistent with the plan. This step is referred to as which part of the cycle? Plan Do Check Act

Check

A suspicious letter was received in the mailroom delivered through the local postal delivery system. The letter is suspicious because it is directed to the CEO and the return address is a person known to have made threats. the large, brown envelop feels like it has granular sand-like material contained inside. Which of the following is a correct reaction? Move the package outside immediately. Open the items enough to examine the contents, while awaiting emergency services Submerge the item in water, placing a heavy object on top to ensure it remains submerged Consider moving the item to an isolated place and wait for emergency services.

Consider moving the item to an isolated place and wait for emergency services.

Which of the following statements would be considered an interviewing clue to an investigator, indicating a deceitful subject? No I didn't steal the money I couldn't take that money. I wouldn't do that type of thing. I did not steal that USD12000 or whatever it is. I didn't steal a penny of it. Absolutely not; I had nothing to so with it.

I couldn't take that money. I wouldn't do that type of thing.

The enterprise security risk management (ESRM) cycle involves a process of identifying and prioritizing organizational assets and the process involves three key roles. Which of the following identifies the key roles? All employees, the risk manager, legal counsel The asset owner, top management, the security professional All employees, the risk manager, the security professional The asset owner, top management, the risk manager

The asset owner, top management, the security professional

Which of the following statements is correct when reviewing an incident reporting and management database? Management needs to avoid flexibility in establishing and maintaining the database system Regardless of the size of the other category, making changes to the database is not recommended because reporting will change. To be cost effective, an asset protection program must consider only the major incidents and events If 80 percent of each month’s reports fall into the “other” category, new categories should be developed.

If 80 percent of each month’s reports fall into the “other” category, new categories should be developed.

Which of the following statements BEST describes risk assessments as they relate to information systems? Organizations are recommended to only perform qualitative risk assessments Organizations are recommended to only perform quantitative risk assessments Risk assessment of the organization's information systems should be performed once. Risk assessments should identify risks, quantify them, and prioritize them according to the organization's criteria for risk acceptance.

Risk assessments should identify risks, quantify them, and prioritize them according to the organization's criteria for risk acceptance.

The property owner in a 20-unit townhouse complex decided to reinforce the privacy of the children's playground by adding a security patrol to the area to deter illicit drug use by trespassers, along with overt CCTV surveillance, with perimeter fencing and an access controlled gate. This is BEST known in CPTED as which of the following? Management and maintenance support Legitimate activity support Mechanical measures Natural measures

Legitimate activity support

Activities providing a critical foundation in the effort to reduce the loss of life and property from natural and/or manmade disasters by avoiding or lessoning the impact of a disaster and providing value to the public by creating safer communities. This is referred to as Response Preparedness Mitigation Recovery

Mitigation

Which of the following statements about recording functional requirements is TRUE? Resolution relates to the lenght of time a recorded video is stored. When selecting a video surveillance system, it is important to use a systems approach Compression (Codec) relates to picture clarity and the ability to distinguish key features When selecting a video surveillance system, it is important to use a components approach

When selecting a video surveillance system, it is important to use a systems approach

Which of the following standards specifies requirements to implement, maintain and improve a management system to protect against, prepare for, respond to, and recover from disruptions when they arise? ANSI/ASIS ORM.1-2017 Security and Resilience in Organizations ISO 22301:2019 Business Continuity ANSI/ASIS PAP.1-2012 Physical Asset Protection ISO 27001:2022 Information Security

ISO 22301:2019 Business Continuity

The property owners in a 20-unit townhouse complex implemented signage and designed the landscaping to deter unwanted activity and tresspassing. They also designed the area to better sight lines of the children's playground from the inside of the residences. They intend to establish a sense of ownership, responsibility, and accountability with property owners, to increase vigilance in identifying tresspassers. Which of the following CPTED terms BEST meets this community's intent? Natural Territorial Reinforcement Random Activity Theory Target attractiveness Neighbourhood watch

Natural Territorial Reinforcement

The likelihood of one outcome out of the total of all possible undesirable outcomes, expressed as a number between 0 and 1 is called: Likelihood Probability Criticality Impact

Probability

The ability of the physical protection system to prevent a successful attack once it has been initiated is BEST referred to as which of the following? Vulnerability effectiveness System effectiveness Effective security and personnel Effective security hardware

System effectiveness

A company's investigative unit is conducing an internal theft investigation in its warehouse. The company hired external contract investigators to assist in the project by providing project management, undercover operations, an anonymous caller "Tip Line" and convert CCTV monitoring the area. These efforts can be BEST described as: Covert surveillance Force multiplier Undercover operations Overt surveillance

Force multiplier

"One of the basic CPTED strategies is to design multiple or concentric layers of security measures so that protected assets are behind multiple barrier" is a definition of which of the following? Natural boundary definition Natural access control Protection in depth CPTED

Protection in depth

In the design of a new high rise structure and considering the life safety aspect of the building, which of the following should rank as a first priority? Fire detection, confinement, extinguishment, evacuation and escape Adversary deterrence, detection, denial, delay and defense CPTED principles in the building design Controlled access and surveillance for legitimate users.

Fire detection, confinement, extinguishment, evacuation and escape

What is interoperability? The ability for security forces to communicate with internal departments in an emergency. The ability of private security and the public sector to work together. The ability for different jurisdictions and responding agencies to communicate with each other wirelessly. The ability for the emergency responders to work seamlessly with proprietary security forces.

The ability for different jurisdictions and responding agencies to communicate with each other wirelessly.

Using a comprehensive model for theft and fraud prevention uses programs to educate management and employees about the nature, types and most vulnerable areas of losses in the organization using written policies, accountability systems, and awareness programs. Which element of the program BEST describes this description? Prevention Training Compliance Analysis

Prevention

Inappropirate links or unprotected networks, improper system configuration, or unpatched workstations are examples of: Natural information security threat Virtual information security threat Vulnerability in the information systems management processes Vulnerability in the information systems infrastructure

Vulnerability in the information systems infrastructure

These diagrams show complete security subsystems, including all the devices and how they are connected in a building or campus. They are called: Riser diagrams Plan drawings Elevation drawings Details diagrams

Riser diagrams

ABC Inc wants to develop a document outlining the overall intensions and direction of the organization as it relates to managing risk to enhance the resilience and security of ABC Inc. This is also referred to as which of the following? A policy A procedure A practice A standard

A policy

Security professionals can most effectively convince managment of the need for security by qualifying and prioritizing the loss potential with presenting which of the following? A strategic plan that applies to the security organization A cost-benefit analysis with business unit enforsement A cost-benefit analysis and returns on investment assessment A strategic plan that applies to the whole organization.

A strategic plan that applies to the whole organization.

The product of the potential loss from an event and the likihood of the event is BEST described as Vulnerability Exposure Risk Profile Loss Event profile Annual Loss Expectancy

Annual Loss Expectancy

Which of the following is an example of risk reduction? Application of CPTED principles to mitigate risk Purchasing insurance to mitigate losses Accepting the risk without mitigation strategies applied Considering the probability and impact, doing nothing

Application of CPTED principles to mitigate risk

"A systematic evaluation of a subject's verbal and non verbal behaviour during the course of a structured interview in which both invstigative and behaviour provoking quesitons are asked" BEST describes which of the following? Behaviour analysis interview Statement analysis Fact finding interview Non confrontational interview

Behaviour analysis interview

A business unit's top leadership will develop a plan that provides a general direction for the organization. This plan is the fundamental template for direction that defines and supports the organization's long term goals. SWOT plan PEST plan Strategic plan STEP plan

Strategic plan

A janitor has limited access to information on the organization's information systems, restricting access to only his/her payroll information and personal timesheets. HR and payroll personnel have access to higher levels of the same timesheet information. This is an example of: Information control Information protection Password protocols Defense in Depth

Defense in Depth

When defining protection for information systems, persons are asigned increased level of trust for access to entitled levels of access to sensitive informatio. This is called: Password protocols Information protection Defense in Depth Information control

Defense in Depth

CPTED measurs which employ good space planning to reduce inhabitant conflicts by considering compatible circulation patterns, including a well defined building entrance and arrnagement courtyards, patios, and porches for unobstructed line of sight describes which of the following? Organizational measures Human measures Mechanical measures Natural measures

Natural measures

Which of the following lighting systems have the BEST color rendition for night lighting? Mercury vapor Metal halide Low pressure sodium High pressure sodium

Metal halide

"The ability of an organization to resist being affected by an event or the ability to return to an acceptable level of performance in an acceptable period of time after being affected by an event" is called Organizational resilience Emergency operations plans Continuity of operations Business continuity

Organizational resilience

This assessment is performed to establish a baseline of physical protection system; effectiveness iin meeting goals and objectives. The process is a method of identifying the weak points of a facility, entity, venue or person. This is BEST described as a Risk assessment Vulnerability assessment Security survey Risk analysis

Vulnerability assessment

Insurance coverage on an asset is considered the most common form of what type of risk management? Risk transfer Risk spreading Risk acceptance Risk reduction

Risk transfer

When in a procurement stage, an invitation for bids will list specific equipment and software and request prices from the contractor to supply the specific items and install them. This is best described as Design estimation Design evaluation Design specification Design planning

Design specification

Which of the following BEST describes the document that tells how much money an organization generates (revenue), how much it spends (expenses) and the difference between those figures (net income)? Income statement Balance sheet Cash flow statement Expense sheet

Income statement

The following theory is based on the premise that the opposite of satisfaction is not dissatisfaction but simply no satisfaction. The theory maintains that two set of factors determine a worker's motivation, attitude and success. It is referred to as which of the following? Hertzberg's Theory Maslow's Theory Hierarchy of needs theory McGregor's Theory

Hertzberg's Theory

This type of property need not be registered with any outside agency, so the owner can maintain a greater degree of control over the asset. The owner must be able to prove that the information's added value or benefit to the owner, was specifically identified, and the owner provided a reasonable level of security to protect the information. This is called a Trade secret Copyright Patent Trademark

Trade secret

When considering incident command management, who becomes the incident commander when an incident requires public safety response? The security manager The senior member of the organization's leadership The senior member of the responding security team The senior member of the responding agency

The senior member of the responding agency

Which of the following best describes ENTRAPMENT? Considered a crime when done by a designated agent. Does not require pre existing evidence of similar acts. The agent is encouraged to use entrapment to catch employees stealing. The agent encourages a person to commit a crime.

The agent encourages a person to commit a crime.

Which of the following best describes the following statement: "This process uses the risk criteria and outputs to determine what risks are acceptable with the existing risk treatments and which require additional risk treatments. " Risk identification Risk analysis Risk evaluation Risk assessment

Risk evaluation

Post incident recovery can be categorized into (3) phases, where the long term phase includes post-incident debriefing with internal stakeholders. Which of the following strategies is included in this phase? 1. Coordinating and directing employees and families to employee assistant programs. 2. Accounting for all individuals onsite, ensuring for life safety priorities. 3. Ensuring emergency communication with employees, families, public and the media. 4. Evaluate the incident

1. Coordinating and directing employees and families to employee assistant programs.

Which of the following is an essential component to the primary objective of implementing local network access control? 1. Protecting information confidentiality using authentication 2. Protecting information confidentiality from viruses. 3. Protecting the organization's network security 4. Protecting personal identifiable information against hackers.

Protecting information confidentiality using authentication

The three primary functions of a physical protection system are 1. Detect, delay and response 2. Deter, detect and response 3, Deter, delay and response 4, Detect deter and response.

Detect, delay and response

Which of the following best describes the role of an organization's crisis management team? Performs more of a tactical role in an emergency Fulfils a strategic more than tactical role Performs more of an operational role in an emergency Performs the role of incident command in an emergency.

Fulfils a strategic more than tactical role

The product of the potential loss from an event and the likelihood of the event is BEST described as: Annual loss expectancy Vulnerability exposure Loss event profile Risk profile

Loss event profile

Organizations are required by standards (ANSI/ASIS ORM-2017) to report and investigate incidents. Which of the following types of incidents are stipulated? Incidents involving casualties, allegations of abuse or substance abuse Incidents with allegations of personal relationship between employees Human resources (HR) reporting employees arriving late for work and abusing sick time Incidents involving missing property and subordination to a superior.

Incidents involving casualties, allegations of abuse or substance abuse

A process by which an organizational user is identified and granted privileges to level of network information, systems or resources is called which of the following? Application encryption control Application security control Logical network access control Digital signature control

Logical network access control

An organization invested in developing a new technology and intends to secure the information for the design, development and marketing of the product. At this point, how can this information be BEST defined? Trademark information Patent information Trade secret information Proprietary information

Proprietary information

Packages may be searched for contraband manually or by active interrogation using x rays. Which of the following statements is correct? Active interrogation x ray technology will not detect drugs. Active interrogation x ray technology will not detect explosives. It is safe to expose personnel to active interrogation methods of x ray screening. Advanced backscatter x ray technology is safe for screening personnel.

Advanced backscatter x ray technology is safe for screening personnel.

Who is BEST suited to conduct a preliminary search for suspicious packages in the event of a bomb threat? The responding fire department The responding police Responding security officers People who work in that area

People who work in that area

The Security Director for ABC Manufacturing wants to test the new, never tested before business continuity plan designed for the organization. It is critical the 24/7 manufacturing and assembly operations are not impacted by the testing, Which of the following statements BEST describes how to test the plant? A tabletop practical or stimulated exercise presented as realistically as possible. An orientation session followed by a tabletop exercise presented in a narrative form. A full scale live or real life exercise A functional exercise

An orientation session followed by a tabletop exercise presented in a narrative form.

This communicates business functionality and operational methods. It specifies a business' type of products or services, level of quality, and other tangible aspects of the business and its plans." This is best referred to as: A vision statement A mission statement A strategic plan An organizational strategy

A mission statement

The process of assessing security-related risks from internal and external threats to an entity, its assets and personnel, it is best described as a Security survey Risk assessment Vulnerability assessment CARVER assessment

Risk assessment

Ethics problems are not confined to the business world; they can be found in almost any field or endeavour. What are the three factors that psychologists include commonly motivate individuals to commit unethical or dishonest acts? Desire, rationalization, and opportunity Determination, access, and lack of ethics Determination, justification and lack of ethics Desire, justification and lack of ethics

Desire, rationalization, and opportunity

"This statement includes the specific details that all involved parties can understand what needs to be done, highlighting specific goals the organization wants units to achieve," This best describes Vision statement Mission statements Strategic plans Organizational Objectives

Organizational objectives

This process reuires consideration of the threat type, tactics, mode of operations, capabilities, threat levels and likelihood of occurance. Threats come from malevolent humans, not accidental (safety-related) events. This process is BEST defined as which of the following? Threat Risk Assessment Design Basis Threats Loss Event Profiles Adversarial Sequence Diagrams

Design Basis Threats

In the following formula, what does K equal? K=Cp+Ct+Cr+Ci-I Incident Frequency Factor Return on Investment Cost of Loss Avoided Cost of Loss

Cost of Loss

When considering the development of a post incident recovery plan for acts of workplace violence, which of the following is the highest priority? Evidence collection and preservation for the impending invstigation Notification to management and next of kin Life safety considering the immediate needs of those impacted Coordination of the Threat Management Team

Life safety considering the immediate needs of those impacted

A metric which measures how an organization or individual is performing against defined goals and objectives are called a: Defined Target Measure Competence Based Metric Balanced Scorecard Metric Key Performance Indicator

Key Performance Indicator

When designing a new multi-level parking garage, to increase visibility, both interior-to-exterior and exterior-to-interior to facilitate witness potential and make the likely adversary fear exposure is described in CPTED as which of the following? Compartmentalization Natural access control Natural surveillance Natural territorial reinforcement

Natural surveillance

An uncertain situation where a number of possible outcomes might occur, one or more of which is undesirable, Best describes which of the following? Risk Targets Threats Loss

Risk

"An organization can be an adaptive, problem solving, innovative system operating in and coping rapidly changing environments. Bureaucracy and the "organization man" will have no place in future organiztions." This is a theory known as which of the following? Maslow's Theory Crime Prevention Through Environmental Design Warren Bennis' Theory Hertzberg's Theory

Warren Bennis' Theory

This detector absorbs invisible light energy comparing actual energy to established background energy. What type of detector is this? Active infrared Passive microwave Active microwave Passive infrared

Passive infrared

ABC Inc. installed a chain-link security fence, defining the perimeter of the facility. The fence also displays "No tresspassing signage" and has locking gates with automated access control. In CPTED, these measures are elements of which of the following? Surveillance and territoriality Natural territoriality and natural access control Territoriality and access control Management and maintenance

Territoriality and access control

The Human Resource (HR) department for ABC Inc. invited the Security Director to provide guidance towards protecting the organization's personnel files which are designated as personal identifiable information (PII). Which of the following is the best advice from the Security Director? Recommend relevant HR personnel handling the information undertake special training on protecting sensitive information Recommend HR evaluate the employee's privacy information and determine the legal and regulatory requirements for protection Implement physical security measures Implement immediate network access control measures

Recommend HR evaluate the employee's privacy information and determine the legal and regulatory requirements for protection

Which of the following is considered part of developing an effective physical protection system using protection-in-depth principle when designing an "outer-layer" perimeter? Deter, detect, delay and dispatch Detect, delay, dispatch and detain Deter, detect, delay and respond Detect, delay, deny and respond

Deter, detect, delay and respond

Active intrusion sensors transmit a signal from a transmitter and, with a receiver, detect changes or reflections on that signal. When the transmitter and the receiver are separated, what type of installation would this be called? Bistatic Monostatic Passive Active

Bistatic

Which of the following statements is correct relating to using bulk explosive detection technologies to screen packages, people, or vehicles with the intention of detecting explosives? A fabric swab is rubbed across the object to collect partlcie residues from hard surface then analysed by a detector Vapor sampling collects an air sample next to the object for analysis Backscatter technologies are capable of scanning packages, vehicles, persons for weapons, contraband and the presence of explosives. Bulk technologies using ionizing radiation

Backscatter technologies are capable of scanning packages, vehicles, persons for weapons, contraband and the presence of explosives.

The following theory asserts job content (motivators), such as achievement, recognition, responsibility and satisfaction are derived from work itself, is best described as part of which of the following theories? Maslow's theory Hertzberg's Theory Hierarchy of Needs Theory McGregor's Theory

Hertzberg's Theory (not sure)

Which of the following statements is the MOST accurate declaraction concerning employee dishonesty? Most employees would seal from the employer if given an opportunity Employees have no control over factors which contribute towards employee theft and fraud Employees involved in theft have usually been involved in other misconduct at the company Most employees would steal from their employers considering themselves dishonest

Employees involved in theft have usually been involved in other misconduct at the company

When considering the development of a post incident recovery plan for acts of workplace violence, which of the following is the highest priority? Evidence collection and preservation for the impending investigation Notification to management and next of kin Life safety considering the immediate needs of those impacted Coordination of the Threat Management Team

Evidence collection and preservation for the impending investigation

"A specific description of where the business will be in the long term, that conveys a general understanding of the business, its culture and its future goals." This concept is BEST referred to as" A strategic plan An organizational strategy A vision statement A mission statement

A vision statement

"The ability of an organization to resist being affected by an event or the ability to return to an acceptable level of performance in an acceptable period of time after being affected by an event" is called Organizational resilience Business continuity Emergency operations plans Continuity of operations

Organizational resilience

These can change often to meet the changing demands and conditions the overall organization or security department faces. They can be changed without high-level, time consuming executive review process. This BEST describes: Procedures Strategic plans Policies and procedures Policies

Procedures

This theorizes that once the primary needs are satisfied, they are no longer driving needs and are replaced by needs higher in the order. thus when primary needs are satisfied, higher-order needs are predominant. This is considered: Self Esteem Theory Hertzberg's Theory Maslow's Theory Motivation-Hygiene Theory

Maslow's theory

This statement includes the specific details that all involved parties can understand what needs to be done, highlighting specific goals the organization wants to achieve." this best describes

Organizational Objectives

When dealing with suspected chemical or biological agents that are released from a suspicious package, what should be your FIRST goal? Call the police Look after any staff exposed to the material Call security Limit distribution of the material

Limit distribution of the material

Which of the following is the keystone for continuous improvement in the organization's ability to effectively manage the security of its information assets? ISO/IEC 27001:2005 Generally Accepted Information Systems Security Practices (GAISSP) Red Flag Rules ISO/IEC 27002:2005

ISO/IEC 27001:2005

This facility applied CPTED principles when CCTV cameras were installed, security officers contracted and patrols added along with landscaping modifications to better deter unwanted activities onsite. Which of the following are the three CPTED strategies applied? Mechanical, Organizational and Natural Measures Mechanical, Organizational and Physical Security measures Organizational, Natural and Physical Security measures Organizational, Natural and Personnel measures

Mechanical, Organizational and Natural Measures

In a workplace violence incident, where it is assessed to be an "Urgent-Emergency Situation," which of the following is the MOST appropriate response? Conduct further data collection to determine incident seriousness Perform a violence risk screening Contact the Threat Management Team to initiate the plan Law enforcement and emergency response personnel should be notified.

Law enforcement and emergency response personnel should be notified.

Which of the following mitigation strategies would be considered risk acceptance? Considering the risk by not applying mitigation strategies Purchasing insurance to cover a loss Installing CCTV cameras and other access control measures Applying a system approach to target hardening

Considering the risk by not applying mitigation strategies

Which of the following are considered the MOST important elements of a violence risk assessment program? Behaviour recognition, notification, assessment and adequate response Behavioural recognition, diversion, delay and adequate response Detection, deterrence, delay and response Detection, diversion, delay and response

Behaviour recognition, notification, assessment and adequate response

Following a telephone bomb threat, a search has been conducted of your building and a search team found a suspicious backpack. Which of the following statements BEST describes the action the search team undertake? Physically inspect the backpack and determine the contents. Leave the backpack and location and report to the incident commander Report to the search supervisor and remain available to be a witness to the responding emergency services Take the backpack to the incident commander for inspection

Report to the search supervisor and remain available to be a witness to the responding emergency services

ABC Inc. is in the process of developing a business impact analysis (BIA). After understanding the enterprise business and general risk environment what is the FIRST step of determining the risk? Identifying and prioritizing the assets needing protection Identify the alternate business and staff processes needed for business continuity. Identify the likelihood and probability of a threat event Identify the recovery time objectives for allowable disruption to the organization

Identifying and prioritizing the assets needing protection

Which of the following scenarios would warrent an acceptable undercover investigation? To investigate protected union organizing activities Investigate alleged or suspected employee theft in the workplace To replace some other form of investigaiton method that will likely produce the same results with less time and resources Investigate activities that are permitted or protected by a government statute, rule or regulation.

Investigate alleged or suspected employee theft in the workplace

Implementation of the organization's emergency plan and control of the facility during an emergency incident should be the responsibility of the following person: The organization's senior manager present on site The security manager The senior responding public safety person The senior officer

The organization's senior manager present on site

When establishing internal and external complaint and grievance procedures, which of the following procedures should be included? Levels of the organization excluded from the procedures Identification of the root cause Identification of the penalties for breach of policy Details on the required experience and training of the investigators.

Identification of the root cause

Which of the following types of investigations is considered the "most common type of investigation in many business and organizational setting"? Undercover Compliance Incident Misconduct

Incident

Frontline managers involved in the day-to-day operations of their departments or divisions are their organizations' best resource for realistic budget information and setting their own department budgets. This process is referred to as: Top-down budgeting Zero based budgeting Bottom-up budgeting Combination budgeting

Bottom-up budgeting

Which of the following BEST describes a performance metric applicable for evaluating an employee in an organization? The employee must work better with other workers The worker's supervisor will provide their thoughts about performance The worker's supervisor will observe overall behaviour improvement The employee shall achieve CPP designation within the year

The employee shall achieve CPP designation within the year

Which of the following BEST describes the personnel who are often described as the "first line of defense" in the selection of quality and risk-free application for the organization? Contracted Recruiter Background Investigator Security Manager Human Resource (HR) personnel

Human Resource (HR) personnel

An organization wants to restrict access to internal company information. When designing the access restrictions, which of the following should describe who can access sensitive information? Company personnel or others who have signed a nondisclosure agreement Personnel authorized by the original owner or IT Manager Access is granted based on their position or management level Company personnel who have attended an information security workshop

Company personnel or others who have signed a nondisclosure agreement

Before conducting a risk analysis, particularly a quantitative one, who should determine the evaluation levels? The trainied assesser assigned to the project, regardless of internally or externally resourced A team of security practitioners (internally and externally) resourced with specific expertise on security assessments A multi-disciplinary team of subject matter experts considered stakeholders in the assessment The security manager responsible for the assessment and assessment teams.

A multi-disciplinary team of subject matter experts considered stakeholders in the assessment

Which of the following would be considered one of the greatest legal liabilities an organization faces with security officers? Poor reputation Safety training Lack of honesty Issued a deadly weapon

Issued a deadly weapon

In almost all situations, what is considered a major facotr in the decision to outsource or maintain an internal investigative capacity? Goals Expertise Objectives Cost

Cost

When an interviewer asks the following question: "Explain what you were doing between midnight last night to the time we called you for this interview." What type of question is this? Leading question Open question Accusatory question Closed question

Open question