QUESTION DRILL PHYSICAL SECURITY 020504 - Answers
1. If an intruder is able to circumvent physical access security and is able to take
over control of internal systems, what principle of security is violated?
B: Loss of control over a system is a violation of integrity.
2. Which of the following is not a threat to physical security?
C: A brute force password attack is a violation of technical or logical
security.
3. Which of the following is not considered a form of physical access control?
D: CCTV is considered a technical or logical access control.
4. Which of the following is an example of a physical security administrative
control?
A: Facility construction is an example of a physical security administrative
control.
5. Which of the following is not an example of a physical security technical
control?
B: Personnel controls are an example of a physical security administrative
control.
6. Which of the following is an example of a physical security technical control?
C: Fire detection and suppression is an example of physical security
technical control.
7. Physical security is maintained through three types of controls. Which of the
following is not one of these?
A: Defensive is not a type of physical security control.
8. The study of the facility infrastructure to determine what elements are essential
to the support of physical security is known as?
B: Critical path analysis is the study of the facility infrastructure to determine
what elements are essential to the support of physical security.
9. Which of the following is not a physical security administrative control?
C: Intrusion detection systems is a physical security technical control.
10. When evaluating the security of a new facility or site, which of the following is
the least important?
A: Cost is the least important aspect when evaluating the security of a new
facility or site.
11. Which of the following is the least important aspect of a secured server room?
B: Human compatibility is the least important aspect of a secured server
room. In fact, server rooms are often very incompatible for humans.
12. When evaluating, selecting, and deploying physical security access controls,
what is always the most important?
C: Protection of human safety is always the most important aspect of any
security control.
13. Which of the following is not a physical security physical control?
C: Data backups is a physical security technical control.
14. Which of the following is the least important aspect to consider when selecting
a physical location for a highly secured facility?
D: The proximity to airport flight path is the least important consideration
aspect from this list. In most cases, except for top-secret military facilities,
being in a flight path is inconsequential.
15. When constructing a new building for a secure site, which of the following is
the least important issue to consider in regards to security?
D: The size of the facility is the least important security factor to consider.
16. Which of the following is not an example of a physical security physical
control?
D: Data backups are an example of a physical security technical control.
17. Which of the following is an example of a physical security physical control?
A: Security guards are an example of a physical security physical control.
18. Which of the following is the least important aspect to consider when selecting
a security facility location?
B: Cost is the least important aspect when considering a location for a secure
facility (from this list of options).
19. When should hardware be replaced to maintain availability?
D: Hardware should be replaced before it reaches its age of mean time
between failures.
20. Which of the following is not an example of a physical security administrative
control?
D: Alarms are examples of physical security technical controls.
21. Which of the following is not a benefit of a human incompatible
server/computer room?
A: A human incompatible server room cannot serve as an emergency shelter,
this is a disadvantage.
22. When physical security is violated and damage occurs to the computer
hardware itself, this is a violation of what principle of security?
A: Physical damage is a violation of availability.
23. Which of the following is the least important aspect to consider when selecting
a security facility location?
C: Size is the least important aspect when considering a location for a secure
facility (from this list of options).
24. Which of the following is the least important aspect to consider when
designing the interior of a security facility?
D: Consistency in decorating scheme, such as the color and texture, are the
least important aspect of a facility's interior when designing security.
25. Which of the following is not an important physical security factor when
considering the security of windows?
A: UV reflection or blocking is the least important factor in regards to
security when considering windows.
26. Which of the following is a direct physical threat to maintaining the integrity
of hosted data?
C: Physical damage to access consoles is a direct physical threat to
maintaining the integrity of hosted data.
27. Which of the following represents a threat to confidentiality, integrity, and
availability?
A: Theft of a laptop represents a threat to confidentiality, integrity, and
availability.
28. Which of the following is not considered a physical security emergency?
B: Intrusion attempts through communication links is a technical or logical
security emergency, not physical.
29. Which of the following is not an important physical security factor when
considering the security of flooring?
B: The texture of following is the least important physical security factor
when considering the security of flooring.
30. Internal partitions are useful for creating?
C: Partitions are useful for creating separate work spaces.
31. Which of the following should be used to provide sufficient security and
separation of areas with various levels of sensitivity and confidentiality?
D: Floor to ceiling permanent walls should be used to provide sufficient
security and separation of areas with various levels of sensitivity and
confidentiality.
32. Which of the following is not a human threat to physical security?
C: Utility loss is a threat of physical security that can be caused by humans,
but it can also be caused by natural disasters. This is the best answer for this
question.
33. The most important factor when designing and implementing physical security
solutions is?
D: Personnel safety is always the most important factor when designing and
implementing physical security solutions.
34. To protect the data center from threats to physical security, what should be
done?
A: The data center should be placed in the center or core of a facility for the
maximum protection from threats to physical security.
35. When designing a facility to provide protection for sensitive electrical
equipment, what is the most important factor?
B: The most important factor when protecting sensitive electrical equipment
is the electrical conductance of the flooring material or the likelihood of
generation and sparking of static electricity.
36. Secure and protected computer rooms or data centers should be all but which
of the follow?
C: A computer room or data center need not be human compatible to be
secure and protected.
37. The momentary increase in power often experienced at the moment when a
device or a power system is turned on is known as?
D: An inrush is the momentary increase in power often experienced at the
moment when a device or a power system is turned on.
38. The short duration of an interfering disturbance in the power line is known as?
A: A transient is a short duration of an interfering disturbance in the power
line.
39. The radiation generated by the difference in power of the hot and neutral wires
of a circuit is known as?
B: Traverse modem noise is the radiation generated by the difference in
power of the hot and neutral wires of a circuit.
40. The second most important aspect of a physical security mechanism, after
protecting human safety, is?
A: The cost benefits of a physical security mechanism are second most
important after human safety. If a mechanism costs more to implement and
maintain that the assets it is protecting, then it should not be deployed.
41. Physical security mechanisms should always?
B: Physical security mechanisms should always comply with laws and
regulations.
42. To control costs while maintaining a reasonable level of protection against the
failure of hardware, you should?
C: Obtaining a service level agreement with a hardware vendor provides a
reasonable level of protection against the failure of hardware.
43. Which of the following is not an effective means to eliminate or reduce power
line noise?
C: Cables with fewer twists will increase the likelihood of power line noise.
44. According to the ANSI standard, at what point of a drop in power between the
power source and the meter is a brownout declared?
D: According to the ANSI standard, at a drop of 8% in power between the
power source and the meter is a brownout declared.
45. Which is not a Water-based Fire protection System?
D: An Infared flame detector is not a water based fire protection system in
itself. It can be used inconjunction with other water based systems. The
infared flame detector reacts to emissions from flame.
46. Hardware components should be replaced when?
D: Hardware components should be replaced before their mean time
between failure (MTBF) time period expires.
47. The hardware component rating of mean time to repair (MTTR) is used for
what purpose?
A: The mean time to repair (MTTR) is used to determine how often to
expect to repair a device.
48. Which of the following is not considered an adequate protection means for a
mission critical server?
B: A surge protector, while useful and recommended, is not the best option
from this list of power protection devices for a mission critical server.
49. A momentary loss of power is known as?
C: A fault is a momentary loss of power.
50. Radio frequency interference (RFI) can be caused by all but which of the
following?
B: Cement walls do not cause radio frequency interference (RFI), but may
actually reduce it.
51. A pre-employment screening process should include all but which of the
following?
C: A supervisor review can only occur after a worker has been employed for
a length of time. This is not an element of the pre-employment screening
process.
52. Which of the following is not an element that should be a part of on-going
employee checks?
D: Termination of physical access should occur as an element of the postemployment or termination procedures, not as part of on-going employee
checks.
53. What is the ideal operating humidity for a data center room?
B: The ideal operating humidity for a data center room is 40-60%.
54. Static electricity discharges over ___________ volts are possible on low-static
carpeting with very low humidity.
C: Static electricity discharges over 20,000 volts are possible on low-static
carpeting with very low humidity.
55. A static discharge of , volts is sufficient to cause which of the following forms
of damage?
D: A static discharge of , volts is sufficient to scramble a monitor display.
56. A static discharge of only __________ volts is sufficient to cause a printer jam
or serious malfunction?
A: A static discharge of only 4,000 volts is sufficient to cause a printer jam
or serious malfunction
57. When selecting a fire extinguisher to use against burning liquids, you should
not select one which uses?
D: Water should never be used to attempt to extinguish burning liquids. In
most cases, water will help spread the fire rather than suppress it.
58. What is the most effective suppressant for electrical fires?
A: CO or Halon are most effective against electrical fires. Type C fire
extinguishers use CO, Halon, or a Halon replacement to suppress electrical
fires.
59. In a data center, what is the best choice for a hand-held fire extinguisher?
B: Type C fire extinguishers use CO, Halon, or a Halon replacement to
suppress electrical fires. Type C is the best choice for a data center.
60. The termination procedure may include all but which of the following?
A: The issuing of photo ID is an element of the employment or hiring
procedures, not the termination procedures.
61. Which of the following is not an administrative control for maintaining
physical security?
B: Assigning a user account logon rights is a logical or technical control for
maintaining logical or technical security.
62. When maintaining administrative controls to protect physical security in the
event of a disaster or emergency, all but which of the follow should be
performed?
C: Risk analysis is not an element of maintaining administrative controls to
protect physical security. Instead, risk analysis is used to select the
safeguards to implement and re-evaluate their effectiveness, not in the
maintenance of a selected security solution.
63. The most appropriate form of fire suppression mechanism for data centers is?
B: A gas discharge system is most appropriate for data centers since a gas
can be selected that will cause the least damage to the equipment in the event
of a real or a false alarm release of the suppression medium.
64. A gas discharge system suppresses fires by what means?
C: A gas discharge system suppresses fires by means of oxygen
displacement.
65. Why is Halon being replaced whenever possible and not being used when new
fire suppression gas-discharge systems are installed?
D: Halon degrades into toxic chemicals at 900 degrees.
66. A benefit of security guards is what?
A: A benefit of security guards is their ability to offer discriminating
judgment on site.
67. The most suitable replacement for security guards is?
B: For certain situations, dogs are the most suitable replacement or
alternative for security guards.
68. The benefit of guards dogs is?
C: Guard dogs are excellent tools for perimeter security control.
69. Fire detectors respond to a fire through a sensor that detects one of all but
which of the following?
C: Fire detectors do not sense the sound of fire. Intrusion detection alarms or
certain types of motion detectors use sound (such as glass breaking or the
change in a steadily broadcast frequency) to detect movement.
70. What type of flame or fire detector is considered the most expensive but also
the fastest in detecting fires?
D: Flame actuated fire detectors are considered the most expensive but also
the fastest in detecting fires.
71. What form of water-based fire suppression systems is considered the most
inappropriate for data centers?
A: Deluge systems are a form of dry pipe system, but with a larger volume
of water. Deluge systems are not recommended for data centers.
72. What physical security mechanism is the most recognized means of defining
the outer perimeter of a secured or controlled area?
D: Fencing is the most recognized physical security mechanism used to
define the outer perimeter of a secured or controlled area
73. Casual trespassers are usually deterred by what?
A: Casual trespassers are usually deterred by a fence a minimum of 3 to 4
feet high. They are also deterred by stronger or higher means, such as a fence
feet high. However, this question asked only for a deterrent against just
casual trespassers, not stronger mechanisms of trespassing protection.
74. The most effective means to contain a subject while the authentication process
is performed so that in the event of a failure a security guard response can
result in the capture of the subject is what?
B: A mantrap is the most effective means to contain a subject while the
authentication process is performed so that in the event of a failure a security
guard response can result in the capture of the subject. In a mantrap, a subject
must enter a small room that has both doors locked. Only after a successful
authentication is the inner door opened for entry. If the authentication fails, a
security guard is notified and the subject is detained within the enclosure.
75. The most commonly used ecological replacement for Halon in gas discharge
systems is?
A: FM-200 is the most commonly used ecological replacement for Halon in
gas discharge systems.
76. Which of the following is not an ecological replacement for Halon in gas
discharge fire suppression systems?
B: Neon is not a fire suppression medium.
77. When a Halon or equivalent gas discharge fire suppression system is triggered
to stop a fire, which of the following is responsible for causing the lease
amount of damage to the computer equipment?
C: The suppression medium, Halon or its replacement equivalents, are
designed to cause little or no damage to electrical equipment.
78. The benefits of a security guard include all but which of the following?
D: Being susceptible to social engineering or any form of intrusion or attack
is a disadvantage of any security mechanism, include security guards.
79. Information on magnetic media can be destroyed by all but which of the
following?
B: OS based formatting will not destroy the data on media in most cases.
80. The only way to absolutely prevent data remenance from being extracted from
electronic media is to?
C: The only way to absolutely prevent data remenance from being extracted
from electronic media is to destroy it by cremation.
81. When a media is to be re-used in the same environment, which of the
following is minimally sufficient to prevent unnecessary disclosure?
D: Clearing is the process of overwriting a media so it can be re-used in the
same environment. It is not as thorough as a purge, but sufficient as long as
the security classification remains constant.
82. The most commonly deployed form of perimeter protection is?
C: The most commonly deployed form of perimeter protection lighting.
83. Which of the following is correct?
D: This statement is correct. The NIST standard for perimeter protection
provided by light is that critical areas should be illuminated by 2 candle feet
power at 8 feet in height.
84. The use of closed circuit television (CCTV) for monitoring live events is
considered what form or type of security control?
A: The use of closed circuit television (CCTV) for monitoring live events is
considered a preventative form of security control.
85. What is a sag?
B: A sag is momentary low voltage.
86. An initial surge of power at the startup of a device or system is known as?
C: An inrush is an initial surge of power at the startup of a device or system.
87. The radiation generated by the electrical difference between the hot and neutral
wires is known as?
D: Traverse-mode noise is the radiation generated by the electrical difference
between the hot and neutral wires.
88. Which of the following is not an effective protection measure against electrical
noise?
A: Increasing voltage is not an effective means to reduce noise, often
increased voltage creates more noise.
89. What is always the most important aspect of physical security?
C: Safety of people is always the most important.
90. All but which of the following should be true of physical security mechanisms?
D: Physical security should employ both obvious and apparent as well as
subtle and unseen mechanisms.
91. To ensure ongoing operation and to maintain security (especially availability),
hardware components should be replaced how often?
A: To maintain security and operation, hardware should be replaced just
before or at the end of the time period defined by the mean time between
failures.
92. Static electricity generated by a human on non-static carpeting in a low
humidity environment can exceed __________ volts.
B: Static electricity generated by a human on non-static carpeting in a low
humidity environment can exceed 20,000 volts.
93. Which of the following is not an important aspect of candidate screening when
hiring a new employee?
A: Awareness training is not an aspect of candidate screening, it is an aspect
of post-hiring job training.
94. Which of the following is the least important aspect of employee termination in
relation to security?
C: Return of personal belongings should be performed, but is the least
important aspect of employee termination from a security perspective.
95. The definition of a brownout according to the ANSI standards is the condition
when there is an _________ drop between the power source and the meter or a
__________ drop between the meter and the wall.
B: The definition of a brownout according to the ANSI standards is the
condition when there is an 8% drop between the power source and the meter
or a 3.5% drop between the meter and the wall.
96. The ideal operating humidity for electronic components is?
C: The ideal operating humidity for electronic components is 40 - 60 %.
97. Low humidity causes?
C: Low humidity causes static.
98. At what voltage of a static discharge will permanent chip damage occur?
D: 17,000 volts can cause permanent chip damage.
99. Why is halon no longer available for newly installed fire suppression systems?
A: Halon has been removed from the market for new systems because it
degrades into toxic chemicals at high temperatures.
100. What type of fence or boundary is minimally required to deter casual
trespassers?
C: A to 3 to 4 foot fence is minimally required to deter casual trespassers.
101. What is the most common from of physical security control deployed on the
perimeter of a facility?
A: Lighting is the most common form of perimeter security control.
102. What is the most important aspect of emergency response and reaction
procedures?
D: Protection of personnel safety is always the most important factor.
103. What is the order in which security controls should function in the protection
of a physical asset?
A: Physical security controls should be deployed so that initial attempts to
access physical assets is deterred (i.e, boundary restrictions). If deterrence
fails, then direct access to the physical asset should be denied (i.e. locked
vault doors). If denial fails, then the intrusion should be detected (i.e. motion
detectors). Then the intrusion should be delayed sufficiently for response by
authorities (i.e. a cable lock on the asset).
104. Which of the following results in the violation of all three principles of the
CIA triad?
B: Theft of a laptop due to a cable lock failure causes a violation of all three
principles of CIA.
105. What is the NIST standard for lighting when it is used for perimeter
protection?
B: The NIST standard is 2 foot-candles of power at 8 ft high for perimeter
security lighting.
106. What is the most secure location to store backup media?
D: Off-site is always the most secure location to store backup media.
However, security controls at the offsite location must be maintained. The
security of off-site storage is to prevent the backup media from being
affected by the same disaster that destroys or damages the primary facility.
107. When an unauthorized person gains access into a facility by following an
authorized person through a controlled access point, this is called?
B: Piggybacking occurs when an unauthorized person gains access into a
facility by following an authorized person through a controlled access point.
108. A Class C fire extinguisher may employ which of the following suppression
mediums?
A: A Class C fire extinguisher may contain CO, halon, or a halon equivalent
or replacement.
109. Which form of fire suppression system is least recommended for a computer
center?
D: Deluge is inappropriate for computer centers.
110. Which of the following is not one of the three elements or aspects of a fire
that can be removed to extinguish a flame?
C: Removing humidity will not extinguish a flame.
111. Which type of fire detection and suppression systems is most prone to false
alarms?
C: Rate of rise systems are most prone to false alarms (i.e. sprinkler
triggering).
112. Which of the following does not require secure destruction to prevent re-use
when it is no longer required or needed within a secured environment?
C: Video cards do not need to be destroyed.
113. Which of the following is a benefit of dogs?
B: Dogs are often more reliable than guards, this is a benefit.
114. A room that is both secure and safe should have what?
B: A secure and safe room has no more than two doors. This allows to
avenues of safe escape in the event of an emergency while limiting the
number of access points that must be monitored.
115. When closed circuit television is used to record live events, this is what type
of physical security control?
C: CCTV recording is a detective security control.
116. A double set of doors used to protect an entry into a highly secured area
which is often monitored by a guard is known as?
D: A man-trap is a double-door system used to control entry into a secured
area often monitored by a guard.
117. If an intrusion detection and alarm system is to employ a local audible alarm,
from what distance must the alarm be heard?
A: An audible alarm must be heard from at least 400 ft.
118. An electrical fire can be safely and properly extinguished using what class of
fire extinguisher?
C: Only class C extinguishers are rated for electrical fires.
119. Which of the following is not a benefit of using guards for perimeter
security?
A: Guards are overall unreliable due to the fact that they are human, prescreening may have failed, they could be improperly trained, they take
vacations, become ill, may perform substance abuse, and are vulnerable to
social engineering.
120. What fire detection system acts as a early warning mechanism?
D: An ionization detector can serve as an early warning system for fire
detection.
121. Which of the following is not a replacement for halon?
C: Halon 1301 is just a gaseous form of halon, it is not a halon replacement.
122. When an FM- fire suppression system is discharged to manage a fire in a
computer center, which of the following elements would be least responsible
for causing physical damage to the equipment?
D: The suppression medium of FM- will be the cause of the least amount of
damage to equipment since it does not leave a residue on equipment.
123. Which of the following is not an element in an automatic intrusion detection
and alarm system designed to monitor for facility breaches?
D: CCTV requires a human and therefore is not used as part of an automated
intrusion detection and alarm system.