Let's see how well you did on this test ...

1.

Under what conditions would use of a "Class C" hand-held fire extinguisher be preferable to use of a "Class A" hand-held fire extinguisher?

Answer: When the fire involves electrical equipment.

Sorry - you had a wrong answer, please review details below.

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. Available at http://www.cccure.org.

Thanks to Hal Tipton for contributing this question.

2.

Which of the following is a proximity identification device that does not require action by the user and works by responding with an access code to signals transmitted by a reader?

Answer: A transponder

Sorry - you had a wrong answer, please review details below.

A transponder is a proximity identification device that does not require action by the user. The reader transmits signals to the device and the device responds with an access code. These transponder devices contain a radio receiver and transmitter, a storage place for the access code, control logic, and a battery. A passive device only uses the power from the reader to detect the presence of the card. Card swipes and smart cards are not proximity identification devices.

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 6: Physical Security (page 323).

Thanks to Christian Vezina for providing this question.

3.

Which of the following measures would be the BEST deterrent to the theft of corporate information from a laptop which was left in a hotel room?

Answer: Encrypt the data on the hard drive.

Sorry - you had a wrong answer, please review details below.

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. Available at http://www.cccure.org.

Thanks to Hal Tipton for contributing this question.

4.

The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to?

Answer: Eight feet high and two feet out

Sorry - you had a wrong answer, please review details below.

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, page 325.

Thanks to Nick Mackovski for providing this question.

5.

The ideal operating humidity range is defined as 40 percent to 60 percent. Low humidity (less than 40 percent) can produce what type of problem on computer parts?

Answer: Static electricity

Sorry - you had a wrong answer, please review details below.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, page 333.

Thanks to Nick Mackovski for providing this question.

6.

The main risks that physical security components combat are all of the following EXCEPT:

Answer: SYN flood

Sorry - you had a wrong answer, please review details below.

SYN flood is not a physical security issue. The main risks that physical security components combat are theft, interruptions to services, physical damage, compromised system integrity, and unauthorized disclosure of information.

From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide , McGraw-Hill/Osborne, 2002, page 291.

Thanks to Jane E. Murley for providing this question.

7.

Which of the following questions is less likely to help in assessing physical and environmental protection?

Answer: Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information?

Sorry - you had a wrong answer, please review details below.

Physical security and environmental security are part of operational controls, and are measures taken to protect systems, buildings, and related supporting infrastructures against threats associated with their physical environment. All the questions above are useful in assessing physical and environmental protection except for the one regarding processes that ensure unauthorized individuals cannot read, copy, alter, or steal information, which is more of a production control.

Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (pages A-21 to A-24).

Thanks to Christian Vezina for providing this question.

8.

Which of the following is true about a "dry pipe" sprinkler system?

Answer: It minimizes chances of accidental discharge of water.

Sorry - you had a wrong answer, please review details below.

A wet pipe system has automatic sprinklers attached to a piping network with piping under pressure at all times. The sprinklers are actuated by the heat of a fire. A wet pipe system is generally used when there is no danger of the water in the pipes freezing or when there are no special conditions that require a special purpose sprinkler system.

A dry pipe system is one in which the pipes are filled with pressurized air (or nitrogen) rather than water. The air pressure, acting through a mechanical advantage, holds back a device known as the dry pipe valve; a small amount of water, called priming water, sits above that valve. When a sprinkler head opens, the air escapes, the valve trips, and only then does water enter the pipes. A dry pipe system is used in areas where the water in the pipes is subject to freezing, and to minimize the chances of accidental discharge of water.

Thanks to Peter Mosmans for providing an explanation to this question.

9.

The following are fire detector types EXCEPT:

Answer: acoustical-seismic detection system

Sorry - you had a wrong answer, please review details below.

Smoke activated, heat activated, flame activated, and automatic dial-up alarms are all types of fire detectors.

The acoustical-seismic detection system is a type of motion detector.

From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, pages 309-310 and 328.

Thanks to Jane E. Murley for providing this question and to Scot Hartman for reviewing it.

10.

Which of the following is electromagnetic interference (EMI) that is noise from the radiation generated by the difference between the hot and ground wires?

Answer: common-mode noise

Sorry - you had a wrong answer, please review details below.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 332.

Thanks to Eric Yandell for providing this question.

11.

How should a doorway with automatic locks to a man-operated information processing facility be configured?

Answer: It should be configured to be fail-soft.

Sorry - you had a wrong answer, please review details below.

Access controls are meant to protect facilities and computers as well as people. In some situations, the objectives of physical access controls and the protection of people's lives may come into conflict. In these situations, a person's life always takes precedence. Many physical security controls make entry into and out of a facility hard, if not impossible. However, special consideration needs to be taken when this could affect lives. In an information processing facility, different types of locks can be used and piggybacking should be prevented, but the issue here with automatic locks is that they can be configured either as fail-safe or as fail-soft. Since there should only be one access door to an information processing facility, the automatic lock on the only door to a man-operated room must be configured to be fail-soft, so that it unlocks and lets people out in case of emergency. Note that sources use these terms inconsistently: many later texts call the unlock-on-failure setting "fail-safe" and the stay-locked setting "fail-secure"; the wording here follows the Harris (2002) edition cited below.

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 6: Physical Security (pages 318, 330).

Thanks to Christian Vezina for providing this question.

12.

Which is the last line of defense in a physical security sense?

Answer: people

Sorry - you had a wrong answer, please review details below.

Details and reference for this question are not yet available. This question is a new question that was submitted by one of the members of the site and I have to find a reference for it. If you do have a reference for this question, please send it to Christian at cvezina@noos.fr with the question above. Thanks. Clement.

13.

Which of the following represents a prolonged high voltage?

Answer: A power surge

Sorry - you had a wrong answer, please review details below.

A power surge is a prolonged high voltage. A power spike is a momentary high voltage. A power fault is a momentary power out and a power sag is a momentary low voltage.

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 6: Physical Security (page 299).

Thanks to Christian Vezina for providing this question.

14.

What can be defined as a momentary low voltage?

Answer: Sag

Sorry - you had a wrong answer, please review details below.

A sag is a momentary low voltage. A spike is a momentary high voltage. A fault is a momentary power out and a brownout is a prolonged power supply that is below normal voltage.

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 6: Physical Security (page 299).

Thanks to Christian Vezina for providing this question.

15.

While referring to physical security, what does positive pressurization mean?

Answer: The air goes out of a room when a door is opened and outside air does not go into the room

Sorry - you had a wrong answer, please review details below.

Positive pressurization means that when an employee opens a door, the air goes out and outside air does not come in.

From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide , McGraw-Hill/Osborne, 2002, page 305.

Thanks to Jane E. Murley for providing this question.

16.

A prolonged power outage is a:

Answer: blackout

Sorry - you had a wrong answer, please review details below.

A prolonged power outage is a blackout.

From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide , McGraw-Hill/Osborne, 2002, page 299.

Thanks to Jane E. Murley for providing this question.

17.

Which of the following questions is less likely to help in assessing physical access controls?

Answer: Is the operating system configured to prevent circumvention of the security software and application controls?

Sorry - you had a wrong answer, please review details below.

Physical security and environmental security are part of operational controls, and are measures taken to protect systems, buildings, and related supporting infrastructures against threats associated with their physical environment. All the questions above are useful in assessing physical access controls except for the one regarding operating system configuration, which is a logical access control.

Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (pages A-21 to A-24).

Thanks to Christian Vezina for providing this question.

18.

What category of water sprinkler system is currently the most recommended water system for a computer room?

Answer: Preaction sprinkler system

Sorry - you had a wrong answer, please review details below.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, page 336.

Thanks to Nick Mackovski for providing this question.

19.

Which of the following is an administrative control for physical security:

Answer: training

Sorry - you had a wrong answer, please review details below.

Some physical controls include fences, lights, locks, and facility construction materials. Some administrative controls include facility selection and construction, facility management, personnel controls, training, and emergency response and procedures.

From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, pages 282-283.

Thanks to Jane E. Murley for providing this question.

20.

Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring?

Answer: Capacitance detectors

Sorry - you had a wrong answer, please review details below.

Capacitance detectors monitor an electrical field surrounding the object being monitored. They are used for spot protection within a few inches of the object, rather than for the overall room monitoring that wave pattern detectors provide. Penetration of this field changes the electrical capacitance of the field enough to generate an alarm. Wave pattern motion detectors generate a frequency wave pattern and send an alarm if the pattern is disturbed as it is reflected back to the receiver. Field-powered devices are a type of personnel access control device. Audio detectors simply monitor a room for any abnormal sound wave generation and trigger an alarm.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, chapter 10: Physical Security (page 344).

Thanks to Christian Vezina for providing this question.

21.

Devices that supply power when the commercial utility power system fails are called which of the following?

Answer: uninterruptible power supplies

Sorry - you had a wrong answer, please review details below.

Details and reference for this question are not yet available. This question is a new question that was submitted by one of the members of the site and I have to find a reference for it. If you do have a reference for this question, please send it to Christian at cvezina@noos.fr with the question above. Thanks. Clement.

22.

What physical characteristics does a retinal scan biometric device measure?

Answer: The pattern of blood vessels at the back of the eye.

Sorry - you had a wrong answer, please review details below.

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. Available at http://www.cccure.org.

Thanks to Hal Tipton for contributing this question.

23.

What is a common problem when using vibration detection devices for perimeter control?

Answer: They are vulnerable to non-adversarial disturbances.

Sorry - you had a wrong answer, please review details below.

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. Available at http://www.cccure.org.

Thanks to Hal Tipton for contributing this question.

24.

Critical areas should be lighted:

Answer: Eight feet high and two feet out.

Sorry - you had a wrong answer, please review details below.

Lighting should be used to discourage intruders and provide safety for personnel, entrances, parking areas and critical sections. Critical areas should be illuminated 8 feet high and 2 feet out.

Source: WALLHOFF, John, CBK#10 Physical Security (CISSP Study Guide), April 2002 (page 4). Available at http://www.cccure.org.

Thanks to Christian Vezina for providing this question.

25.

Which of the following suppresses combustion through a chemical reaction that kills the fire?

Answer: Halon

Sorry - you had a wrong answer, please review details below.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 335.

It must be noted that Halon production has been banned under the Montreal Protocol since 1994 and its use is now restricted in most countries.

Thanks to Eric Yandell for providing this question.

26.

Which of the following controls related to physical security is not an administrative control?

Answer: Alarms

Sorry - you had a wrong answer, please review details below.

Physical security involves administrative, technical and physical controls. All of the above are considered administrative controls except for alarms, which are considered technical controls.

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 6: Physical Security (page 283).

Thanks to Christian Vezina for providing this question.

27.

Which of the following biometrics devices has the highest Crossover Error Rate (CER)?

Answer: Voice pattern

Sorry - you had a wrong answer, please review details below.

The Crossover Error Rate (CER) is the point where the false rejection rate (FRR, Type I error) equals the false acceptance rate (FAR, Type II error). The lower the CER, the better the accuracy of the device. At the time of this writing, response times and accuracy of some devices are:

System type      Response time   Accuracy (CER)
Fingerprints     5-7 secs        5%
Hand Geometry    3-5 secs        2%
Voice Pattern    10-14 secs      10%
Retina Scan      4-7 secs        1.5%
Iris Scan        2.5-4 secs      0.5%

Source: Chris Hare's CISSP Study Notes on Physical Security, based on the (ISC)2 CBK document. Available at http://www.ccure.org.

Thanks to Christian Vezina for providing this question.
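The crossover point is easiest to understand by computing it. The following is an added example, not part of this test page or of any source it cites: it sweeps the acceptance threshold over constructed genuine and impostor match scores (made up for illustration, not measurements of any device), computes FAR and FRR at each threshold, and reports the point where the two rates meet. The score lists, the "accept when score >= threshold" rule and the function names are assumptions.

```python
"""Crossover Error Rate (CER) from genuine and impostor match scores.

Added example, not from the original page. Sweeps the acceptance threshold
over constructed match scores, computes FAR and FRR at each threshold, and
reports the threshold where they cross. The scores are invented for
illustration and are not measurements of any real device.
"""
from dataclasses import dataclass
from typing import Sequence

# Constructed sample data: similarity scores in [0, 1] from a hypothetical
# matcher. Higher means "looks more like the enrolled user".
GENUINE = [0.90, 0.85, 0.80, 0.75, 0.70, 0.65, 0.60, 0.55, 0.50, 0.45]
IMPOSTOR = [0.52, 0.48, 0.44, 0.40, 0.36, 0.32, 0.28, 0.24, 0.20, 0.16]


@dataclass(frozen=True)
class OperatingPoint:
    threshold: float
    far: float  # false acceptance rate: impostors let in (Type II error)
    frr: float  # false rejection rate: genuine users kept out (Type I error)


def error_rates(genuine: Sequence[float], impostor: Sequence[float],
                threshold: float) -> OperatingPoint:
    """FAR and FRR at one threshold; a sample is accepted when score >= threshold."""
    if not genuine or not impostor:
        raise ValueError("need at least one genuine and one impostor score")
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return OperatingPoint(threshold, far, frr)


def sweep(genuine: Sequence[float], impostor: Sequence[float]) -> list[OperatingPoint]:
    """Evaluate every threshold at which FAR or FRR can change (each distinct score)."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [error_rates(genuine, impostor, t) for t in thresholds]


def crossover(genuine: Sequence[float], impostor: Sequence[float]) -> OperatingPoint:
    """Operating point where FAR and FRR are closest; its rate is the CER.

    With discrete scores the two curves may not meet exactly, so the nearest
    point is returned rather than an interpolated one.
    """
    return min(sweep(genuine, impostor), key=lambda p: abs(p.far - p.frr))


if __name__ == "__main__":
    for p in sweep(GENUINE, IMPOSTOR):
        print(f"threshold={p.threshold:.2f}  FAR={p.far:.2f}  FRR={p.frr:.2f}")
    cer = crossover(GENUINE, IMPOSTOR)
    print(f"CER ~ {cer.far:.2f} at threshold {cer.threshold:.2f}")
```

Lowering the threshold raises FAR and lowers FRR; raising it does the reverse, which is why a single figure such as the CER, rather than either rate alone, is used to compare devices. A deployment that must keep impostors out (a data center door) would run to the right of the crossover and accept the extra false rejections.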

28.

A prolonged power outage is a:

Answer: blackout

Sorry - you had a wrong answer, please review details below.

A prolonged power outage is a blackout.

From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide , McGraw-Hill/Osborne, 2002, page 299.

Thanks to Jane E. Murley for providing this question.

29.

Physical security is accomplished through proper facility construction, fire and water protection, anti-theft mechanisms, intrusion detection systems, and security procedures that are adhered to and enforced. Which of the following is not a component that achieves this type of security?

Answer: Logical control mechanisms

Sorry - you had a wrong answer, please review details below.

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, page 280.

Thanks to Nick Mackovski for providing this question.

30.

The Physical Security domain addresses three areas that can be utilized to physically protect an enterprise's resources and sensitive information. Which of the following is not one of these areas?

Answer: Risks

Sorry - you had a wrong answer, please review details below.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, page 326.

Thanks to Nick Mackovski for providing this question.

31.

Guards are appropriate whenever the function required by the security program involves which of the following?

Answer: The use of discriminating judgment

Sorry - you had a wrong answer, please review details below.

"A guard can make the determinations that hardware or other automated security devices cannot make due to its ability to adjust to rapidly changing conditions, to learn and alter recognizable patterns, and to respond to various conditions in the environment. Guards are better at making value decisions at times of incidents.

They are appropriate whenever immediate, discriminating judgment is required by the security entity."

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, chapter 10: Physical Security (page 339).

Thanks to Christian Vezina for providing details and a reference to this question.

32.

A momentary low voltage is a:

Answer: sag

Sorry - you had a wrong answer, please review details below.

A momentary low voltage is a sag.

From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide , McGraw-Hill/Osborne, 2002, page 299.

Thanks to Jane E. Murley for providing this question.

33.

A momentary high voltage is a:

Answer: spike

Sorry - you had a wrong answer, please review details below.

A momentary high voltage is a spike.

From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide , McGraw-Hill/Osborne, 2002, page 299.

Thanks to Jane E. Murley for providing this question.

34.

Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A extinguisher?

Answer: When the fire involves electrical equipment

Sorry - you had a wrong answer, please review details below.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, chapter 10: Physical Security (page 335).

Thanks to Donnie Saunders for providing a reference to this question.

35.

Which of the following statements pertaining to secure information processing facilities is incorrect?

Answer: Windows should be protected with bars.

Sorry - you had a wrong answer, please review details below.

Windows are normally not acceptable in the data center. If they do exist, however, they must be translucent and shatterproof.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, chapter 10: Physical Security (page 329).

Thanks to Christian Vezina for providing this question.

36.

Which of the following statements pertaining to air conditioning for an information processing facility is correct?

Answer: The AC units must be dedicated to the information processing facility.

Sorry - you had a wrong answer, please review details below.

The AC units used in an information processing facility (computer room) must be dedicated to it and controllable from within the area. They must be on a power source independent from the rest of the room and have a dedicated Emergency Power Off switch. It is positive, not negative, pressure that forces smoke and other gases out of the room.

Source: Chris Hare's CISSP Study Notes on Physical Security, based on the (ISC)2 CBK document. Available at http://www.ccure.org.

Thanks to Christian Vezina for providing this question.

37.

The most prevalent cause of computer center fires is which of the following?

Answer: electrical distribution systems

Sorry - you had a wrong answer, please review details below.

Details and reference for this question are not yet available. This question is a new question that was submitted by one of the members of the site and I have to find a reference for it. If you do have a reference for this question, please send it to Christian at cvezina@noos.fr with the question above. Thanks. Clement.

38.

A prolonged high voltage is a:

Answer: surge

Sorry - you had a wrong answer, please review details below.

A prolonged high voltage is a surge.

From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide , McGraw-Hill/Osborne, 2002, page 299.

Thanks to Jane E. Murley for providing this question.

39.

The "vulnerability of a facility" to damage or attack may be assessed by all of the following except:

Answer: security budget

Sorry - you had a wrong answer, please review details below.

Ref: The CISSP Examination Textbook- Volume 2: Practice by S. Rao Vallabhaneni.

Thanks to Aisha Green for providing this question.

40.

Which of the following is NOT a system-sensing wireless proximity card?

Answer: magnetically striped card

Sorry - you had a wrong answer, please review details below.

Magnetically striped cards are digitally encoded cards.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 342.

Thanks to Eric Yandell for providing this question.

41.

Which of the following is currently the most recommended water system for a computer room?

Answer: preaction

Sorry - you had a wrong answer, please review details below.

Preaction combines both the dry and wet pipe systems and allows manual intervention before a full discharge of water on the equipment occurs.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 334.

Thanks to Eric Yandell for providing this question.

42.

At which temperature does damage start occurring to magnetic media?

Answer: 100 degrees

Sorry - you had a wrong answer, please review details below.

Magnetic media start to be affected at 100 degrees Fahrenheit. Disks are damaged at 150 degrees, computer equipment at 175 degrees.

Source: ROTHKE, Ben, CISSP CBK Review presentation on domain 10. Available at http://www.cccure.org.

Thanks to Christian Vezina for providing this question.

43.

Which of the following related to physical security is not considered a technical control?

Answer: Locks

Sorry - you had a wrong answer, please review details below.

Physical security involves administrative, technical and physical controls. All of the above are considered technical controls except for locks, which are physical controls.

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 6: Physical Security (page 283).

Thanks to Christian Vezina for providing this question.

44.

Which of the following is the preferred way to suppress an electrical fire?

Answer: CO2 or Halon

Sorry - you had a wrong answer, please review details below.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 335.

It must be noted that Halon production has been banned under the Montreal Protocol since 1994 and its use is now restricted in most countries; CO2 remains usable but displaces oxygen, so it cannot be discharged into an occupied room without warning.

Thanks to Eric Yandell for providing this question.

45.

Which of the following is the BEST way to prevent software licence violations?

Answer: Regularly scanning used PCs to ensure that unauthorized copies of software have not been loaded on the PC.

Sorry - you had a wrong answer, please review details below.

The best way to prevent and detect software license violations is to regularly scan used PCs, either from the LAN or directly, to ensure that unauthorized copies of software have not been loaded on the PC. Other options are not as effective. A corporate policy is not necessarily enforced and followed by all employees. Software can be installed by other means than floppies or CD-ROMs (from a LAN, or even downloaded from the Internet), and software metering only concerns applications that are registered.

Source: Information Systems Audit and Control Association , Certified Information Systems Auditor 2002 review manual , Chapter 3: Technical Infrastructure and Operational Practices (page 108).

Thanks to Christian Vezina for providing this question.

46.

Which of the following is not a physical control for physical security:

Answer: training

Sorry - you had a wrong answer, please review details below.

Some physical controls include fences, lights, locks, and facility construction materials. Some administrative controls include facility selection and construction, facility management, personnel controls, training, and emergency response and procedures.

From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, pages 282-283.

Also: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, chapter 10: Physical Security (pages 339-340).

Thanks to Jane E. Murley for providing this question and to Don Murdoch for providing an extra reference.

47.

A momentary high voltage is a:

Answer: spike

Sorry - you had a wrong answer, please review details below.

A momentary high voltage is a spike.

From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide , McGraw-Hill/Osborne, 2002, page 299.

Thanks to Jane E. Murley for providing this question.

48.

Which of the following questions is less likely to help in assessing physical and environmental protection?

Answer: Are procedures in place to determine compliance with password policies?

Sorry - you had a wrong answer, please review details below.

Physical security and environmental security are part of operational controls, and are measures taken to protect systems, buildings, and related supporting infrastructures against threats associated with their physical environment. All the questions above are useful in assessing physical and environmental protection except for procedures regarding password policies, which are operational controls related to data integrity.

Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (pages A-21 to A-24).

Thanks to Christian Vezina for providing this question.

49.

Which of the following is not an EPA-approved replacement for Halon?

Answer: Bromine

Sorry - you had a wrong answer, please review details below.

The following are EPA-approved replacements for Halon: FM-200, NAF-S-III, CEA-410, FE-13, water, Inergen, argon and Argonite.

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 6: Physical Security (page 313).

Thanks to Johnson Yim for providing this question.

50.

A prolonged power supply that is below normal voltage is a:

Answer: brownout

Sorry - you had a wrong answer, please review details below.

A prolonged power supply that is below normal voltage is a brownout.

From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide , McGraw-Hill/Osborne, 2002, page 299.

Thanks to Jane E. Murley for providing this question.
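The eight power terms tested in questions 13, 14, 16, 28, 32, 33, 38 and 50 differ only along two axes: direction of the deviation (high voltage, low voltage, or no power) and duration (momentary or prolonged). As an added example, not from this page or from the book it cites, the following script applies that taxonomy to a constructed voltage log of the kind a monitored PDU or UPS might emit. The nominal voltage, the +/-10% tolerance band, the one-second "momentary" cutoff, the outage threshold and the log itself are all assumptions made for this illustration; Harris defines the terms only by direction and duration and gives no numeric cutoffs.

```python
"""Label power anomalies in a voltage log as spike, surge, sag, brownout,
fault or blackout.

Added example, not from the original page. Every numeric cutoff below is an
assumption for illustration; the cited book defines the terms only by
direction (high or low) and duration (momentary or prolonged).
"""
from dataclasses import dataclass
from typing import Optional

NOMINAL_V = 120.0    # assumption: 120 V single-phase supply
TOLERANCE = 0.10     # assumption: +/-10 % around nominal is treated as normal
MOMENTARY_S = 1.0    # assumption: runs of at most 1 s are momentary, longer are prolonged
OUTAGE_V = 10.0      # assumption: below 10 V the supply is considered lost
HIGH_V = round(NOMINAL_V * (1 + TOLERANCE), 6)   # 132.0
LOW_V = round(NOMINAL_V * (1 - TOLERANCE), 6)    # 108.0


@dataclass(frozen=True)
class Event:
    kind: str        # spike, surge, sag, brownout, fault or blackout
    start: float     # seconds: time of the first out-of-band sample
    duration: float  # seconds: until the first sample back in band
    extreme: float   # highest (for high) or lowest (for low/outage) voltage seen


def direction(volts: float) -> Optional[str]:
    """'outage', 'high' or 'low' for an out-of-band sample; None when in band."""
    if volts < OUTAGE_V:
        return "outage"
    if volts > HIGH_V:
        return "high"
    if volts < LOW_V:
        return "low"
    return None


def label(run_dir: str, duration: float) -> str:
    """Map direction and duration onto the page's vocabulary."""
    momentary = duration <= MOMENTARY_S
    if run_dir == "outage":
        return "fault" if momentary else "blackout"
    if run_dir == "high":
        return "spike" if momentary else "surge"
    return "sag" if momentary else "brownout"


def classify_samples(samples: list[tuple[float, float]]) -> list[Event]:
    """Segment (time_s, volts) samples, sorted by time, into labelled events.

    Consecutive samples with the same out-of-band direction form one run; the
    run ends at the first sample that is in band or deviates the other way.
    """
    events: list[Event] = []
    run = None  # (direction, start_time, extreme_volts) of the open run, if any
    for t, v in samples:
        d = direction(v)
        if run is not None and d != run[0]:
            run_dir, start, extreme = run
            events.append(Event(label(run_dir, t - start), start, t - start, extreme))
            run = None
        if d is None:
            continue
        if run is None:
            run = (d, t, v)
        else:
            run_dir, start, extreme = run
            run = (run_dir, start, max(extreme, v) if run_dir == "high" else min(extreme, v))
    if run is not None:
        # Log ended mid-event: report the duration seen so far (a lower bound).
        run_dir, start, extreme = run
        seen = samples[-1][0] - start
        events.append(Event(label(run_dir, seen), start, seen, extreme))
    return events


def sample_log() -> list[tuple[float, float]]:
    """Constructed 10 Hz log: one spike, a 3 s brownout, a 0.3 s fault, a 0.2 s sag."""
    volts = ([120.0] * 5 + [180.0] + [120.0] * 5      # spike at t=0.5
             + [100.0] * 30 + [120.0]                 # brownout t=1.1 .. 4.0
             + [0.0] * 3 + [120.0]                    # fault t=4.2 .. 4.4
             + [107.0] * 2 + [120.0] * 3)             # sag t=4.6 .. 4.7 (108 V would be in band)
    return [(i / 10, v) for i, v in enumerate(volts)]


if __name__ == "__main__":
    for e in classify_samples(sample_log()):
        print(f"{e.kind:9s} start={e.start:4.1f}s duration={e.duration:4.1f}s extreme={e.extreme:6.1f}V")
```

In practice the same log would come from the UPS or PDU management interface, and the classifier's value is in correlating a run of sags or a brownout with the equipment resets that follow it; the labels themselves are only as meaningful as the duration cutoff chosen for the site.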

You scored 0 out of 50 (0 %).

Thanks for using the CISSP OSG test facility!

Submit your own questions to improve the test!

Questions and comments can be sent to: cvezina@noos.fr
