The 200 Flashcards
When it is necessary to question a witness about sexual deviation, all the following should be avoided except:
A. Using street language
B. Giving the impression of being avid to develop the facts
C. Leaving the impression of suspecting the subject of being a sex deviate
D. Allowing the witness to frame the testimony in his or her own words
D
When designing security for an elementary school, classrooms should have a clear unobstructed view of entry roads. In CPTED, this describes:
A. Traffic calming
B. Mechanical surveillance
C. Natural surveillance
D. Natural access control
C
Which of the following is not a correct statement, as a general rule, involving the protection of proprietary information?
A. As a class, employees are the largest group of persons bound to secrecy because of their status or relationship
B. By operation of common law, employees are presumed to be fiduciaries to an extent that they may not disclose secrets of their employers without authorization
C. Other than the employees, any other persons to be bound to secrecy must agree to be so bound
D. Any agreement to be bound must always be in writing and is never implied from conduct
D
A set of criteria, guidelines, and best practices that can be used to enhance the quality and reliability of products, service, or processes, is the definition for which of the following?
A. Guideline
B. Standard
C. Regulation
D. Code
B
The four (4) elements of emergency management are which of the following?
A. Planning, policies, preparedness, and response
B. Mitigation, policies, response, and recovery
C. Mitigation, preparedness, response, and recovery
D. Planning, preparedness, countermeasures, and recovery
C
Unclassified material should be marked:
A. ‘Unclassified’ at the top of the page
B. ‘Unclassified’ at the bottom of the page
C. ‘Unclassified’ at the top and bottom of the page
D. With no marking
D
Which concept can be used to analyze the need for security personnel in a physical protection system - for example for alarm assessment?
A. The ‘four eyes principle’ concept
B. The ‘necessary human being’ concept
C. The ‘linking pin’ concept
D. The ‘human back-up’ concept
B
A successful security design recognizes technological developments and integrates which three elements?
A. Architectural aspects; security systems; and operational factors
B. Architectural aspects; personnel; and effective PPS
C. PPS; personnel and procedures
D. PPS; personnel and security awareness programs
A
Adoption of ESRM propels the security program towards …
A. … lower risk levels
B. … reduced security costs
C. … a higher level of risk awareness
D. … constant improvement
D
In most cultures this is the closest thing to a universal guideline or Golden Rule: to treat others the way one would want to be treated. This guiding principle works for both individuals and organizations. This best describes which of the following?
A. Business ethics
B. Government regulations
C. Corporate law
D. Civil law
A
When designing objectives or goals, they must be SMART. This acronym stands for which of the following:
A. Strategic; Measurable; Attainable; Relevant; Time-bound
B. Strategic; Metric-based; Accountable; Relevant; Time-bound
C. Specific; Measurable; Accountable; Reliable; Time-bound
D. Specific; Measurable; Attainable; Relevant; Time-bound
D
Identifying residual risk is MOST important to which of the following concepts?
A. Risk deterrence
B. Risk acceptance
C. Risk mitigation
D. Risk avoidance
B
A protection system’s individual applications and components should be integrated and converged so that they provide an equal level of protection. This concept is known as:
A. Security in depth
B. Balanced protection
C. Convergence
D. Onion approach
B
Network devices typically communicate using a worldwide internet standard for communication, also called:
A. TCP/IP
B. DNS Servers
C. WINS Servers
D. Web Proxies
A
A key element in the information asset protection (IAP) risk assessment process is a thorough study of existing and projected threats. What are the categories?
A. Historical, current and future threats
B. Man-made, natural and intentional
C. Intentional, natural and inadvertent threats
D. Internal, external and government
C
Which common non-probability sampling method requires recruitment of participants via other participants?
A. Stratified sampling
B. Snowball sampling
C. Cluster sampling
D. Random sampling
B
This organization prepares safety standards primarily as a guide to security device manufacturers, and then certifies whether devices submitted to the laboratories for approval meet those standards. This organization is called:
A. Underwriters Laboratories (UL)
B. International Organization for Standardization (ISO)
C. American National Standards Institute (ANSI)
D. American Society for Testing and Materials (ASTM)
A
An assessment approach that is used to evaluate target attractiveness and includes criticality, accessibility, recuperability, vulnerability, effect and recognizability is BEST described as the:
A. Vulnerability assessment
B. Risk assessment
C. CARVER assessment
D. Security survey
C
What is an integral component to any travel security program, and especially to executive travel?
A. An agreement with a global risk organization
B. A user-friendly mobile travel app
C. An in-house travel agency
D. A risk assessment of the travel destination
D
Which of the following sensors relies on the Doppler frequency shift between the transmitted and received signal caused by a moving object within the energy field?
A. Capacitance sensors
B. Proximity sensors
C. Microwave sensors
D. Passive infrared sensors
C
Which of the following statements best describes the “statement of work”?
A. Details what work should be included in the contract
B. Outlines the invitation for bids and the specification list
C. Outlines the list of specific equipment and software along with costs
D. Outlines the performance criteria and specifications
A
When in the procurement stage, an invitation for bids (IFB) will list specific equipment and software and request prices from the contractors to supply the specific items and install them. This is best described as:
A. Design estimation
B. Design specification
C. Design planning
D. Design evaluation
B
In the Plan-Do-Check-Act (PDCA) cycle, this is the most critical stage and calls for identifying and analyzing the organization’s problems and events that could disrupt operations and assets. This step is referred to as which part of the cycle?
A. Plan
B. Do
C. Check
D. Act
A
An uncertain situation where a number of possible outcomes might occur, one or more of which is undesirable, BEST describes which of the following?
A. Risk
B. Threats
C. Loss
D. Targets
A
When should a project team, involved in selecting security countermeasures, consider supplementing the team with outside consultants?
A. When a project has a unique purpose and an explicit goal to be completed on-time
B. When the skills needed are not available within the project team
C. When a project had a primary sponsor or customer who provides funding
D. When a project is temporary
B
In order to be legally acceptable, whatever the evidence, it must be competent, relevant, and:
A. Necessary
B. Material
C. Pertinent
D. Useful
B
After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. Which of the following would be MOST effective in reducing data leaks in this situation?
A. Information Security Awareness
B. Social Media and BYOD
C. Data Handling and Disposal
D. Acceptable Use of IT Systems
A
Which of the following best describes the following?
“This equipment is primarily used to:
- Detect activities that call for a security response
- Collect images of an incident for later review
- Assist with incident assessment”
A. CCTV surveillance
B. Video surveillance
C. Intrusion detection
D. Access control
B
Most of the information gleaned during the investigative process comes from:
A. Surveillance
B. Undercover
C. Interviews
D. Internet
C
Which of the following best describes the document that tells how much money an organization generates (revenue), how much it spends (expenses) and the difference between those figures (net income)?
A. Balance sheet
B. Income statement
C. Expense sheet
D. Cash flow statement
B
The main principle of tendering is that:
A. Bidders must be able to offer low prices
B. Bidders must be able to offer the best quality
C. There should be open and fair treatment of suppliers
D. Bidders must be able to offer the best value for money
C
Access to internal company information should be restricted. Which of the following best describes who can access sensitive information?
A. Personnel authorized by the original owner or IT Manager.
B. Company personnel who have attended an information security workshop.
C. Company personnel or others who have signed a nondisclosure agreement.
D. Access is granted based on their position or management level.
C
Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?
A. Enticement
B. Entrapment
C. Deceit
D. Sting
B
The type of glass that is often used for both safety and security purposes because it is three to five times stronger than regular glass and five times as resistant to heat is:
A. Reflective glass
B. Coated glass
C. Wired glass
D. Tempered glass
D
Which of the following lighting systems have the best color rendition for night lighting?
A. Mercury vapor
B. Metal halide
C. Low pressure sodium
D. High pressure sodium
B
When implementing ESRM, security professionals should have a comprehensive understanding of four elements regarding the context in which the organization operates:
Mission and vision (1); Core values (2); Operating environment (3). What is the fourth one?
A. Risk appetite
B. Stakeholders
C. Governance
D. Mitigation
B
Which of the following factors, besides relative value, and criticality, is considered when determining asset value?
A. Net value
B. Loss expectancy
C. Replacement value
D. Location
C
Under the defensible space concept, which of the following are areas created as a buffer between public and private zones and have design features for establishing definite and clear transitional boundaries?
A. Semi-private zones
B. Clear zones
C. Buffer zones
D. Controlled zones
A
The timing of the removal of the undercover operative is one of the most frequently debated subjects among undercover supervisors. How long should the operative be kept in place?
A. Removed as soon as possible to save costs
B. Kept in place as long as possible
C. Removed as soon as possible once evidence is gained
D. Removed upon direction from senior management
B
Information warranting protection must be appropriately identified and marked. Various levels are used to distinguish the degree of sensitivity or the degree of protection warranted: confidential, restricted, limited, non-public, etc. Who is best suited to define the security level?
A. The Security Manager
B. The IT Manager
C. The IT Security Manager
D. The originator of the information
D
Which of the following is not true regarding electronic eavesdropping?
A. A listening device installed in a wire will cause a crackling sound, click, or other noise that can be heard on the line
B. An effective countermeasure to detect evidence of electronic eavesdropping in telephone equipment should be conducted by a person who is technically familiar with such equipment.
C. An effective countermeasure would be to conduct a physical search as well as an electronic search.
D. All wiring should be traced and accounted for.
A
Which of the following is suggested as part of evaluating an inadvertent threat?
A. Long-term data collected on weather and other natural hazards, terrains, and environments
B. Evaluate information provided by neighboring businesses for natural events which have caused losses
C. Unexpected natural events can occur, so some degree of all-hazard preparedness is evaluated
D. Utility interruptions, closure of access routes, unwanted attention, or traffic, full or partial operation shutdowns and productivity disruptions
D
‘Employment of services, equipment and techniques designed to locate, identify and neutralize the effectiveness of covert technical surveillance devices’ is the definition for which of the following?
A. Technical surveillance countermeasures
B. Contracted investigation services
C. Technical Security Services
D. Contracted counter-surveillance
A
Which insurance policy covers civil liabilities to third parties, arising from bodily injury, property damage, or other wrongs due to the action or inaction of the insured?
A. Property insurance
B. Indemnity insurance
C. Casualty insurance
D. Liability insurance
D
The following theory asserts that managers should avoid quick fixes. Manipulating hygiene factors may alleviate dissatisfaction but will not result in a state of satisfaction. Allowing an individual to reach a state of satisfaction requires changes in the work content itself, such as increased autonomy or responsibility. This is best described as part of which of the following theories?
A. Maslow’s Theory
B. McGregor’s Theory
C. Herzberg’s Theory
D. Vroom’s Theory
C
In which stage of incident response does a team analyze the incident and determine steps to prevent a future occurrence?
A. Mitigation
B. Identification
C. Preparation
D. Post-event
D
Risk assessments are dependent upon the type of risk, purpose of the analysis, resource limitations, the information available to the assessor, and the availability of metrics. Risk may be assessed by using a suitable approach. Which type of analysis relies on probabilities and statistics using mathematical formulas and calculations to interpret numbers, data, and estimates?
A. Probabilistic analysis
B. Prospective analysis
C. Qualitative analysis
D. Quantitative analysis
D
The process designed to systematically identify and evaluate an organization’s assets based on the importance of its mission or function, the group of people at risk, or the significance of a disruption on the continuity of the organization, is BEST described as:
A. Qualitative risk assessment
B. Criticality analysis
C. Risk identification
D. Loss event profile
B
As security manager of an industrial site, which methodology would you use in a security assessment conducted in the form of a penetration test?
A. Inside-Outward methodology
B. SWOT analysis methodology
C. Outside-Inward methodology
D. Functional (security discipline) methodology
C
A psychopath can often pass a polygraph test with a clean record because of the following characteristic:
A. Uncooperative attitude
B. Unstable personality
C. An inferiority complex
D. An abnormal lack of fear
D
Insurance coverage on an asset is considered the most common form of what type of risk management mitigation approach?
A. Risk Spreading
B. Risk Reduction
C. Risk Transfer
D. Risk Acceptance
C
Which of the following types of investigations is considered the ‘the most common type of investigation’ in many business and organizational settings?
A. Incident
B. Misconduct
C. Compliance
D. Undercover
A
In incident command management, when an incident requires public safety response, who becomes the incident commander?
A. The security manager
B. The senior member of the organization’s leadership
C. The senior member of the responding agency
D. The senior member of the responding security team
C
As the Senior Security Executive of a multinational organization, you are considering outsourcing the security services function. What would be one of the advantages of using contract staff (employed by a security services firm) in comparison to using proprietary or in-house staff for security in your organization?
A. More direct control over security personnel
B. Greater flexibility in staffing levels (up- or downsizing)
C. Lower turnover due to a higher sense of employee loyalty to the organization
D. Guaranteed risk mitigation through the outsourcing structure
B
One of the following is not considered an element of the common law crime of arson:
A. Commercial building
B. Maliciousness
C. Burning
D. Willfulness
A
Badges are an important security tool for:
A. Layered defense
B. Identification
C. Defense in-depth
D. Security awareness building
B
Active intrusion sensors transmit a signal from a transmitter and, with a receiver, detect changes or reflections of that signal. When the transmitter and the receiver are separated, what type of installation would this be called?
A. Mono-static
B. Bi-static
C. Passive
D. Active
B
It is becoming increasingly difficult to do a good preemployment background investigation because of:
A. The expense
B. The lack of skilled investigators
C. Various rulings and court decisions that inhibit the use of techniques or instruments available
D. The uncooperative attitudes of persons interviewed
C
Confidentiality of information may be protected by different techniques. These include system protections, encryption, and the AAA triad. What does the AAA triad refer to?
A. Access, Availability, Authorization
B. Authentication, Authorization, Auditing
C. Access, Authentication, Auditing
D. Authorization, Approval, Access
B
The tendency to search for, interpret, favor, and recall information in a way that confirms or supports one’s prior beliefs or value, is known as:
A. Confirmation bias
B. Inherent bias
C. Memory bias
D. Cultural bias
A
These are based on the investigative goals but are more specific and may be more short-lived. They are generally measurable and can be used to gauge the progress, success, or achievement of an investigative unit. They are BEST described as:
A. Metrics
B. Objectives
C. Strategies
D. Ethics
B
A security team has established a security awareness program. Which of the following would BEST prove the success of the program?
A. Policies
B. Procedures
C. Metrics
D. Standards
C
“The process of establishing a sense of ownership, responsibility and accountability among property owners, managers or occupants to increase vigilance in identifying trespassers.” Which of the following terms BEST meets this CPTED description?
A. Target Attractiveness
B. Natural Territorial Reinforcement
C. Routine Activity Theory
D. Neighborhood Watch
B
What does the term “noise” refer to in the context of interpersonal communication?
A. Distractions in the external environment
B. Any distortion that interrupts what is received and what is sent
C. Non-verbal communication of the sender and receiver
D. Too many team members talking simultaneously during a meeting
B
Which of the following is the best description of tailgating?
A. Following someone through a door they just unlocked
B. Figuring out how to unlock a secured area
C. Sitting close to someone in a meeting
D. Stealing information from someone’s desk
A
This defines why the business exists, is essential for developing organization-specific management practices and how it will maintain itself as a profitable, viable entity not only in the moment but also three to five years out. This is called a:
A. Organizational strategy
B. PEST plan
C. STEP strategy
D. SWOT plan
A
To effectively involve the law for the protection of sensitive information, the owner of the proprietary information must be able to show ‘objective indications of attempts to protect secrecy’.
Which of the following has not been recognized in the past as such an indication?
A. Use of warning signs to alert employees to sensitive data and the places it is stored
B. Separately storing sensitive information in security containers with the appropriate security precautions
C. Employing a system with cyclical redundancy checks
D. Restricting nonemployee access to places containing sensitive information
C
What type of material would be better for a storefront in terms of resistance to breakage and resistance to overall deterioration?
A. Laminated glass
B. Wired glass
C. Bullet-resistant glass
D. Acrylic material
C
If the total assets on an organization’s balance sheet equals € 5 million and the equity € 3 million, what will the total value of liabilities be?
A. € 5 million
B. € 8 million
C. € 2 million
D. € 3 million
C
Which statement BEST describes “non-verbal” responses?
A. Both spoken words and gestures that serve as word substitutes, such as nodding the head to indicate yes
B. Voice characteristics such as tone, pitch, speed and clarity
C. Body movements, position changes, gestures, facial expressions and eye contact
D. Voice characteristics and body movements that indicate deception
C
These diagrams show complete security subsystems, including all the devices and how they are connected in a building or campus. They are called:
A. Detail drawings
B. Plan drawings
C. Elevation drawings
D. Riser diagrams
D
Which of the following is not correct regarding benzodiazepine?
A. This family of depressants is used to relieve anxiety and tension
B. This depressant causes muscle spasms and convulsions
C. This depressant is safer to use than other depressants
D. Excessive use may result in physical and psychological dependence
B
A sentry dog normally does not perform as well at:
A. Radar sites
B. Warehouses
C. Gasoline storage areas
D. Ammunition storage areas
C
When an adversary defeats an access control point (for example the main entrance) to avoid detection, this is best described as:
A. Attack by deceit
B. Technical attack
C. Direct physical attack
D. Indirect physical attack
C
Physical security protection in this layer of security measures includes protective lighting, intrusion detection systems, locks, signs, barriers such as fencing, and the building walls themselves. Protection of building exterior openings is important. This best describes the ______ layer of protection.
A. Outer
B. Middle
C. Inner
D. Perimeter
B
Who is best suited to conduct a preliminary search for suspicious packages in the event of a bomb threat?
A. People who work in that area
B. The responding fire department
C. The responding police
D. Responding security officers
A
Information systems countermeasures are divided into three broad classifications. ‘Management policies, standards, procedures, guidelines, personnel screening and awareness training’ fall into which category of controls?
A. Administrative controls
B. Technical controls
C. Physical controls
D. Infrastructure controls
A
‘This statement includes the specific details that all involved parties can understand what needs to be done, highlighting specific goals the organization wants units to achieve’. This best describes:
A. Mission Statements
B. Vision Statements
C. Strategic Plans
D. Organizational Objectives
D
What refers to any means one uses to control the flow of access to an area, with the objective of deterring or delaying the intruder?
A. Access control
B. Gates
C. Fences
D. Barriers
D
Consider the following scenario: The asset value of your company’s primary servers is € 2 million, and they are housed in a single office building in Arizona. You have field offices scattered throughout the world, so these servers in the main office account for approximately half the business. Tornadoes in this part of the world are not uncommon, and it is estimated one will level the building every 60 years.
Considering asset value only (a tornado that levels the building is a total loss, so the exposure factor is 100%), which of the following would be the single loss expectancy (SLE) for this scenario?
A. € 2 million
B. € 1 million
C. € 500.000
D. € 33.333
A