CISSP HW1

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

COSO

Committee of Sponsoring Organizations of the Treadway Commission

An under-voltage in electric power is called: a. Brownout b. Blackout c. Burnout d. Dropout

Choice (a) is the correct answer. A brownout is a condition in which electrical power dips below normal for more than a few seconds and is caused by under-voltage. Brownouts are a result of load near to or equaling generating capacity. A blackout is a complete loss of electrical power (that is, actual failure). Blackouts can result from windstorms, floods, from failures of electronic system equipment, or from human error. A dropout is an area on a disk or tape that cannot effectively record data. Persistent brownouts can cause data corruption and loss and can also cause computer power supplies to overheat and burn out.

What is the first step to do in case of a fire? a. Report the fire b. Extinguish the fire c. Avoid panic d. Do not use elevators

Choice (a) is the correct answer. As part of fire prevention tips, fire should be reported first, and then attempts should be made to extinguish it. Other actions include: never open a "hot" door, pull alarm system, and try to escape.

What can take the heat off the fire safely? a. Water b. Carbon dioxide c. Soda ash d. Halon gas

Choice (a) is the correct answer. Water takes the heat off the fire, and it is safe compared to other choices. Carbon dioxide, soda ash, and Halon can be injurious.

More fire fatalities are caused by which of the following? a. Smoke b. Toxic gases c. Heat d. Flames

Choice (b) is the correct answer. More fire fatalities are caused by toxic gases than by the flames, smoke, or heat.

Which of the following fire types is most common? a. Furniture fires b. Electrical fires c. Paper fires d. Gasoline fires

Choice (b) is the correct answer. Statistics indicate that most fires are electrical in origin. Choices (a) and (c) are Class A fires, while choice (d) is Class B fire.

Which of the following statements is true about physical security and life safety? a. Physical security strives to control entry b. Life safety focuses on providing easy exit from a facility c. Life safety measures are expensive d. It is possible to achieve an effective balance between physical security and life safety

Choice (d) is the correct answer. It is important to understand that the objectives of physical access controls may be in conflict with those of life safety. Simply stated, life safety focuses on providing easy exit from a facility, particularly in an emergency, while physical security strives to control entry. In general, life safety must be given first consideration, but it is usually possible to achieve an effective balance between the two goals. Life safety measures need not be expensive; sometimes least expensive measures work best.

COBIT

Control Objectives for Information and related Technology

CPTED

Crime Prevention Through Environmental Design

ITGI

IT Governance Institute

ISACA

Information Systems Audit and Control Association

ITIL

Information Technology Infrastructure Library

PIDAS

Perimeter Intrusion Detection and Assessment System

Which of the following best describes the relationship between CobiT and ITIL? A. CobiT is a model for IT governance, whereas ITIL is a model for corporate governance. B. CobiT provides a corporate governance roadmap, whereas ITIL is a customizable framework for IT service management. C. CobiT defines IT goals, whereas ITIL provides the process-level steps on how to achieve them. D. CobiT provides a framework for achieving security goals, whereas ITIL defines a framework for achieving IT service-level goals.

Answer: C. The Control Objectives for Information and related Technology (CobiT) is a framework developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and ensure IT maps to business needs, not specifically just security needs. The Information Technology Infrastructure Library (ITIL) is the de facto standard of best practices for IT service management. A customizable framework, ITIL provides the goals, the general activities necessary to achieve these goals, and the input and output values for each process required to meet these determined goals. In essence, CobiT addresses "what is to be achieved," while ITIL addresses "how to achieve it."

An instrument that measures atmospheric humidity in a computer room is called a: a. Hygrometer b. Hydrometer c. Barometer d. Voltmeter

Choice (a) is the correct answer. A hygrometer is an instrument that measures atmospheric humidity. A hydrometer (choice b) is an instrument used to determine specific gravity that sinks in a fluid to a depth used as a measure of the fluid's specific gravity. A barometer (choice c) is an instrument for measuring atmospheric pressure, used in weather forecasting and in determining elevation. A voltmeter (choice d) is an instrument for measuring electrical voltage.

Which one of the following fire stages does not produce smoke? a. The incipient stage b. Smoldering stage c. Flame stage d. Heat stage

Choice (a) is the correct answer. A normal fire proceeds through four stages: the incipient, smoldering, flame, and heat stages. In the incipient stage, no smoke is given out. Smoke begins to appear in the smoldering stage. In the flame stage, actual flame can be seen. The heat is intense and building up in the final, heat stage.

Any security measure must be cost-beneficial. UPS systems address electric power failures. Which one of the following cost factors is of least concern to the installation of UPS system? a. The size of the gas fuel supply b. The size of the electric load it can support c. The number of minutes it can support the load d. The speed with which it assumes the load when the primary source fails

Choice (a) is the correct answer. A number of security measures are available to address electric power failures differing in both cost and performance. For example, the cost of a UPS depends on the size of the electric load it can support (choice b), the number of minutes it can support the load (choice c), and the speed with which it assumes the load when the primary power source fails (choice d). An on-site power generator can also be installed either in place of a UPS or in order to provide long-term backup to a UPS system. The size of the gas fuel supply (choice a) is a design decision along with the magnitude of the load the generator will support and the facilities to switch the load from the primary source or the UPS to the on-site generator.

A voltage spike is which of the following? a. It is sharp but brief increase in voltage b. It is slow but brief increase in voltage c. It is sharp but brief decrease in voltage d. It is slow but brief decrease in voltage

Choice (a) is the correct answer. A voltage spike is a sharp but brief increase in voltage, commonly caused by the turning off of heavy electrical loads such as air conditioners or photocopiers. The other three choices are meaningless.

Which one of the following is filled with water? a. A wet-pipe sprinkler system b. A dry-pipe sprinkler system c. A halogenated sprinkler system d. A carbon dioxide sprinkler system

Choice (a) is the correct answer. A wet-pipe sprinkler system is made up of sprinkler devices attached to pipes filled with water. A drysprinkler system contains air under pressure. When a sprinkler is activated, the released air opens valves allowing water into the pipes. Choices (c) and (d) are meaningless.

Which of the following is best to replace the use of personal identification numbers (PINs) in the world of electronic banking? a. Iris-detection technology b. Voice technology c. Hand technology d. Fingerprint technology

Choice (a) is the correct answer. An automated teller machine customer can stand within three feet of a camera that automatically locates and scans the iris in the eye. The scanned bar code is then compared against previously stored code in the bank's file. Iris-detection technology is far superior in terms of accuracy compared to the accuracy of voice, face, hand, and fingerprint identification systems. Iris technology does not require a PIN.

Which of the following statements is true? a. Both mantraps and turnstiles are physical security controls b. A mantrap is a physical security control while a turnstile is a logical access security control c. A mantrap is an environmental security control while a turnstile is a network security control d. Both mantraps and turnstiles are cryptographic security controls

Choice (a) is the correct answer. Both stationary and revolving doors are used in mantraps and turnstiles. Unauthorized individuals entering a data center cannot get out of a mantrap since it is so restrictive in terms of movement. Turnstiles also restrict the movement of an unauthorized individual. Both of these controls are part of the physical security controls within a data center requiring high-level security.

A power brownout condition is which of the following? a. It is a long-term lag b. It is a long-term sag c. It is a short-term lag d. It is a short-term sag

Choice (b) is the correct answer. A brownout condition is a long-term sag. It is a deliberate reduction of voltage output at a power generating station to respond to high demand and thus avoids an outage. Choice (d) is the description of a voltage sag. Choices (a) and (c) are distracters.

Which of the following combination controls is not appropriate to ensure continuity of electric power supply? a. Disk mirroring b. Power line conditioners c. Uninterruptible power supply equipment d. Backup generators

Choice (a) is the correct answer. Disk mirroring is not appropriate to ensure the continuity of electric power supply because it prevents data loss. It is a fault tolerant mechanism because it copies and stores data in two places (disks). Choices (b), (c), and (d) are incorrect because they are needed to provide continuity of electric power supply. Power line conditioners smooth out power fluctuations. Uninterruptible power supply (UPS) equipment provides relief from short power outages. Backup generators support relief from long power outages. Rarely, a single control will suffice to meet control objectives. Rather, a combination of controls is needed to make up a whole and to provide a synergistic effect.

What would you be most concerned with after learning the following about a data center? a. Gun powder is stored in the basement of the building where the data center is also located b. The data center is located near oil storage tanks c. The data center is in close proximity (i.e., between one and two miles) to one engaged in the refinement of highly explosive chemicals or combustible and volatile products d. The data center is five to ten miles away from a nuclear power plant

Choice (a) is the correct answer. Here, critical factors are the distance and the frequency of a certain outcome. Storing gunpowder in the basement of the building where the data center is located is riskier due to close proximity and the frequency with which fire or explosion can occur. The other three locations, although risky, are far away from the basement of a building.

The most important criteria to apply when hiring an outside consultant to advise in selecting eavesdropping and wiretapping countermeasures includes: a. Insurance and bonding b. Education and training c. Previous work references d. Experience and certification

Choice (a) is the correct answer. In addition to education and training, previous work references, experience and certification, it is important to find out about insurance and bonding coverages. The work of a security consultant is confidential and sensitive, which requires bonding.

Which of the following is a safe practice to ensure physical security? a. Deter b. Detect c. Delay d. Deny

Choice (a) is the correct answer. It is preferred to deter attacks against property, whether criminal or not. If not deterred, access to selected areas or properties should be denied. If not denied, attacks that occur should be detected. If not detected in time, attacks should be delayed to allow time for response by authorities.

Which one of the following fire sensors is useful in giving early warning? a. Ionization detector b. Photoelectric smoke detector c. Infrared flame detector d. Thermal detector

Choice (a) is the correct answer. The ionization detector is useful in giving early warning so that human lives can be saved. This is because the ionization detector detects the change of the particles in the air. The photoelectric smoke detector alarms when the source of light is interrupted. The infrared flame detector reacts to emissions from flame. The thermal detector operates on a significant change in temperature.

Which of the following has a bearing on opportunities for electronic surveillance? a. Physical characteristics of a building b. Electrical characteristics of a building c. Mechanical characteristics of a building d. Environmental characteristics of a building

Choice (a) is the correct answer. The physical characteristics of a building have a bearing on opportunities for audio and electronic surveillance. Some of these factors are poor access control designs, inadequate soundproofing, common or shared ducts, and space above false ceilings that enable access for the placement of devices. Physical inspection of these weak areas will hinder penetration.

The least important factor to be considered when selecting an uninterruptible power system is: a. Fuel options b. Electrical load c. Battery duration d. Physical space

Choice (a) is the correct answer. The selection of an uninterruptible power system is governed by three factors, electrical load, battery duration, and physical space. The electrical load represents the capacity for the UPS to supply power to the equipment properly. The battery duration is simply how long the UPS is supposed to support the equipment. Physical space is required for any UPS. Fuel options, whether to use diesel or natural gasoline, can be considered at a later point in the decision making process.

In a fire-extinguishing environment, a dry pipe is: a. A sprinkler system in which the water does not enter the pipes until the automatic sensor indicates that there is a fire in the area b. A sprinkler system in which the water is in the pipe, but the outside of the pipe is dry c. A Halon gas system that contains a dry pipe d. A carbon dioxide (CO2) gas system that has a dry chemical to extinguish a fire

Choice (a) is the correct answer. The sequence of dry-pipe actions is (1) a heat or smoke sensor is activated first, (2) water fills the previously empty pipes leading to the sprinklers, (3) the alarm is sounded, and (4) the electrical power supply is disconnected automatically. Choice (b) is incorrect because water is not in the pipe until the heat or smoke sensor is activated. Choices (c) and (d) are incorrect because the descriptions are meaningless.

Which of the following is the most commonly used sprinkler system? a. Wet-pipe systems b. Dry-pipe system c. Carbon dioxide system d. Halon system

Choice (a) is the correct answer. Wet-pipe systems are the most commonly used and are applicable when freezing is no threat to its operation. The next most popular one is the dry-pipe. The carbon dioxide system is dangerous to people's health and the Halon system cannot be used anymore due to a halt in Halon production.

Which of the following statements about sprinkler systems is not true? a. Sprinkler systems cause water damage b. Sprinkler systems reduce fire damage locally c. Sprinkler systems protect human lives of building occupants d. Sprinkler systems limit fire damage to the building itself

Choice (a) is the correct answer. When properly installed, maintained, and provided with an adequate supply of water, automatic sprinkler systems are highly effective in protecting buildings and their contents. Nonetheless, one often hears uninformed persons speak of the water damage done by sprinkler systems as a disadvantage. Fires that trigger sprinkler systems cause the water damage. In short, sprinkler systems reduce the fire damage, protect the lives of building occupants, and limit the fire damage to the building itself.

A secure and safe room should have which of the following? a. No more than one door b. No more than two doors c. No more than three doors d. No more than four doors

Choice (b) is the correct answer. A secure and safe room should have no more than two doors. These doors should be solid, fireproof, lockable, and observable by physical security staff. One door is for entrance and the other one is for exit according to building fire code. Too many doors will provide too many escape routes for an intruder and not observable by the security staff.

A device or devices that sense(s) vibration or motion is (are) called: a. Vibration detector only b. Seismic detector and vibration detector c. Proximity detector and seismic detector d. Intrusion detector and vibration detector

Choice (b) is the correct answer. A seismic detector is a device that senses vibration or motion and thereby senses a physical attack upon an object or structure. A vibration detector is the same as a seismic detector. A proximity detector is a device that initiates a signal (alarm) when a person or object comes near the protected object. An intrusion detector is a device designed to detect an individual crossing a line or entering an area.

Which one of the following water sprinkler system elements consists of fire-activated devices? a. Water supply b. Water heads c. Water control valves d. Alarm system

Choice (b) is the correct answer. A water sprinkler system consists of the following elements: water supply, fire-activated sprinkler devices (heads), water control valves, and a mechanism to activate the audible alarm system.

Which of the following delays water release? a. Wet pipe b. Preaction pipe c. Water pipe d. Gas pipe

Choice (b) is the correct answer. A wet pipe releases water at a set temperature. The preaction pipe sounds an alarm and delays water release. A water pipe does not delay water release. Gas pipe is a distractor here.

Which of the following security safeguards is ineffective in an on-line application system serving multiple users at multiple locations? a. Procedural controls b. Physical controls c. Hardware controls d. Software controls

Choice (b) is the correct answer. An on-line application system serving multiple users at multiple locations assumes that a network is in place. With a network there is often no centralized computer room with physical security controls that can be implemented. Therefore, physical controls are ineffective. Examples of physical controls include locked doors, intrusion detection devices, security guards, and magnetic badge readers that restrict physical access. Choice (a) is incorrect because procedural controls include instructions to request a user profile, adding and deleting users, and instructions to request database views, etc. Choice (c) is incorrect because hardware controls include fault tolerance devices such as disk mirroring and/or disk duplexing, smart card processing, encryption, parity checks, and switched ports. Choice (d) is incorrect because software controls include user IDs and passwords, smart card processing, encryption, check digits, and message authentication.

Controls such as locked doors, intrusion detection devices, and security guards address which of the following risks? a. Heat failure b. Fraud or theft c. Power failure d. Equipment failure

Choice (b) is the correct answer. Locked doors, intrusion detection devices, and security guards that restrict physical access are important preventive measures to control sabotage, riots, fraud, or theft. Sabotage can be caused by a disgruntled employee as well as by outsiders. Personnel policies should require the immediate termination and removal from the premise of any employee considered a threat. Fraud or theft exposures are reduced by restricting access to information that may be altered. Power failure (choice c) can be controlled by uninterruptible power supply. Heat failure (choice a) may cause inconvenience to employees. Equipment failure (choice d) may result in extended processing delays. Performance of preventive maintenance enhances system reliability and should be extended to all supporting equipment, such as temperature and humidity control systems and alarm or detecting devices.

Mantraps in a computer center are controlled by which of the following? a. A person's body weight and a smart card b. A person's body weight and a biometric feature c. A person's body weight and a magnetic card d. A person's body weight and a personal identification number (PIN)

Choice (b) is the correct answer. Mantraps are used in high sensitive areas and have a built-in weighing scale. The mantrap controlling software looks at a combination of a person's body weight and a biometric feature such as fingerprint scan, hand geometry, facial recognition, iris scan, and voice recognition, and compares to a stored information about that person. Smart cards, magnetic cars, and PINs can be stolen or lost, which are weak form of authentication even when combined with the body weight. Choice (b) authenticates "what the user is," which is stronger than the other three choices.

Water sprinklers operate at what temperatures? a. Between 120 and 130 F b. Between 130 and 165 F c. Between 135 and 145 F d. Between 145 and 160 F

Choice (b) is the correct answer. Most water sprinkler systems operate at temperatures between 130 and 165 degrees Fahrenheit.

The effectiveness of physical security controls is most determined by which of the following? a. Control device used b. Vulnerabilities in the device c. Implementation of the device d. Operation of the device

Choice (b) is the correct answer. Organizations should determine whether intruders could easily defeat the controls (i.e., vulnerabilities) in the access control devices. Until the vulnerabilities are eliminated, implementation and operation of the control device do not matter much.

Which of the following is not appropriate to provide adequate complementary physical access controls? a. ID badge card b. Password c. Magnetic stripe card d. Visitor log

Choice (b) is the correct answer. Passwords provide logical access controls, not physical access controls. The other three are examples of complementary controls. Each control enhances the other. A function or an area need not be weak to use complementary controls. Complementary controls can magnify the effectiveness of two or more controls when applied to a function, program, or operation. Identification (ID) badge cards, magnetic stripe cards, and visitor logs have a synergistic effect in providing a strong physical access control.

Biometrics-based access controls are implemented using which of the following? a. Administrative and directive controls b. Physical and logical controls c. Management and preventive controls d. Corrective and recovery controls

Choice (b) is the correct answer. Physical controls (token, key, and card) are used to identify a user, and logical controls (fingerprint and voice) are used to authenticate the same user.

The most common concern regarding a physical security area is: a. Fire suppression system b. Piggybacking c. Locks and keys d. Natural disasters

Choice (b) is the correct answer. Piggybacking occurs when unauthorized access is gained to a computer system or facility via a user's legitimate connection. Then both the authorized and the unauthorized person enter the sensitive area. This kind of entry cannot be predicted or anticipated and its frequency of occurrence can be high.Fire suppression systems (choice a) should not be a concern if tested periodically. Locks and keys (choice c) are the first line of defense against intruders entering into a computer center building or computer room. Natural disasters (choice d) are not a concern because of their low frequency.

Protective lighting does which of the following for computer facilities? a. Detection and correction b. Deterrent and detection c. Correction and action d. Protection and correction

Choice (b) is the correct answer. Protective lighting should act as deterrent and make detection likely. The lighting should enable the security staff to observe others without being seen.

Which of the following pairs of items create a conflicting situation in a computer center? a. Fire-resistant file cabinets, vital records b. Sprinkler systems, water damage c. Fire detection system, alarms d. Furniture and equipment, noncombustible materials

Choice (b) is the correct answer. Sprinkler systems are desirable if the computer room construction contains combustible materials. While sprinklers extinguish fire, extensive water can damage some areas and materials in the room due to use of the sprinkler system. Choice (d) has no conflict because furniture and equipment in a computer room should be constructed of metal or other noncombustible material. Choice (c) has no conflict because fire detection and extinguishing systems should have alarms to signal trouble and to communicate problems to a specific location that is always manned. Choice (a) has no conflict because vital records should be stored in a fire-resistant cabinet file.

"Tailgating" or "Piggy-backing" in a computer center can be prevented by which of the following? a. Cameras b. Mantraps c. Sensors d. Alarms

Choice (b) is the correct answer. Tailgating (piggy-backing) means an unauthorized person is following an authorized person into a facility. It can be prevented by the use of mantraps where they take a measurement of the body weight of a person entering the computer center doors and combine it with a biometric feature such as fingerprint scan. If the person is not authorized to enter this highly sensitive area, he will not be allowed to proceed further and security authorities will be notified. Surveillance cameras are passive and do not take any action. Sensors and alarms do not have the intelligence built in similar to that of mantraps, and can give rise to false alarms.

Which of the following is used to call for assistance? a. Contact sensor b. Duress sensor c. Vibration sensor d. Infrared sensor

Choice (b) is the correct answer. The duress sensor is used to call for assistance and it consists of a hand or foot operated switch usually found in bank teller areas. Contact sensor is activated when an electrical circuit is broken. Vibration sensor detects forced entry through metal barriers placed over windows, for example. Infrared sensors detect body heat.

Which of the following is a proper control in a computer room? a. Smoke detection equipment shuts down the wet pipe equipment b. Smoke detection equipment shuts down the air-conditioning equipment c. Smoke detection equipment shuts down the preaction pipe equipment d. Smoke detection equipment shuts down the water pipe equipment

Choice (b) is the correct answer. The smoke detection system should shut down the air-conditioning equipment. Similarly, an emergency power shutdown should include shutting down the air-conditioning system. The reason is that when there is smoke or a power loss, the air-conditioning equipment should be turned off so people do not inhale smoke.

When freezing temperatures and broken pipes are a problem, which of the following should be used? a. Wet-pipe systems b. Dry-pipe system c. Carbon-dioxide system d. Halon system

Choice (b) is the correct answer. When freezing temperatures and broken pipes are a problem, the dry-pipe system is useful. Air pressure is maintained in the pipes until a sprinkler head ruptures. Then, the air escapes, and water enters the pipes and exits through the opened sprinklers. With the wet-pipe system, water is in the pipes at all times and is released when heat ruptures the seal in the sprinkler head.

Which one of the following power problems is unlike the others? a. Sags b. Spikes c. Blackouts d. Surges

Choice (c) is the correct answer. A blackout is a total loss of power, lasting several minutes to several hours, caused by damage to power lines and equipment, commonly due to weather conditions. Sags create undervoltage conditions. Spikes and surges create over-voltage conditions.

Fires involving energized electrical equipment are rated as: a. Class A fires b. Class B fires c. Class C fires d. Class D fires

Choice (c) is the correct answer. A classification of fires is based on the nature of the combustibles, relating directly to the efficacy of extinguishing agents. Four classes are described as follows: Class A: Fires involving ordinary combustible solids (e.g., wood, cloth, paper, rubber, and many plastics) Class B: Fires involving flammable or combustible liquids and flammable gases Class C: Fires involving energized electrical equipment Class D: Fires involving certain combustible materials such as magnesium and sodium

Which of the following parties poses a greater risk to an organization when guarding against electronic surveillance and wiretapping activities? a. A spy stationed in another building b. A janitor in the same building c. An employee in the same building d. A window washer in the same building

Choice (c) is the correct answer. A spy stationed on the same floor in another building a few blocks away can use a telescope to obtain secret data; a window washer can take pictures of documents on desks or walls; a janitor is positioned to take documents discarded in the trash. However, these occurrences are rare. The greatest risk is an employee working in the same building because of proximity and the trust placed in the employee.

Which of the following is true about biometrics? a. Least expensive and least secure b. Most expensive and least secure c. Most expensive and most secure d. Least expensive and most secure

Choice (c) is the correct answer. Biometrics tends to be the most expensive and most secure. Choice (a) refers to passwords, while choice (d) refers to memory/smart tokens. In general, passwords are the least expensive authentication technique and generally the least secure. Memory tokens are less expensive than smart tokens but have less functionality. Smart tokens with a human interface do not require reading equipment but are more convenient to use.

Which of the following is ineffective in extinguishing Class A and B fires in a building? a. Carbon dioxide b. Water fog c. Dry powder d. Dry chemical

Choice (c) is the correct answer. Dry powder is effective against Class D fires and ineffective against Class A and B fires. The other three choices are effective against Class A and B fires. Water fog is created by a special nozzle on the water hose.

Which of the following should be considered as delaying devices in physical security? a. Lights b. Safes c. Locks d. Vaults

Choice (c) is the correct answer. Locks are considered as delaying devices only and not bars to entry. The longer it takes to open or break a lock the shorter the patience for an intruder. The idea is that officials will soon be arriving at the place if it takes longer to open a lock. Lights serve as a deterrent to violators. Safes provide protection against fire, burglary, and robbery. Vaults are enlarged safes and can be supported by alarm systems.

Which of the following combination of controls is not appropriate to prevent unauthorized people from entering a computer center? a. Double-locked doors b. Television monitors c. Terminal IDs d. Picture ID badges

Choice (c) is the correct answer. Logical access controls verify the terminal identification (ID) number and not a part of physical security. Logical access controls provide a technical means of controlling what information users can utilize, the programs they can run, and the modifications they can make. Choices (a), (b), and (d) deal with physical security, which is the right kind of control to prevent unauthorized people from entering a computer center. This combination of physical security controls provides good protection.

Electronic surveillance and wiretapping has increased due to which of the following? a. Telephone lines b. Bugging techniques c. Microchip technology d. Surveillance equipment

Choice (c) is the correct answer. Miniaturization has greatly aided spying. With advances in microchip technology, transmitters can be so small as to be enmeshed in wallpaper, inserted under a stamp, or placed on the head of a nail.

Which of the following security controls is simple to implement with the least amount of delay? a. Operating system security controls b. Network security controls c. Physical security controls d. Application system security controls

Choice (c) is the correct answer. Physical security is achieved through the use of locks, guards, and administratively controlled procedures such as visitor badges. It also protects the structures housing the computer and related equipment against damage from accident, fire, and environmental hazards, thus ensuring the protection of their contents. Physical security measures are the first line of defense against the risks that stem from the uncertainties in the environment as well as from the unpredictability of human behavior. Frequently, they are the simplest safeguards to implement and can be put into practice with the least delay. The controls listed in the other three choices take a long time to implement and are not simple to install.

Which of the following measures provides a first line of defense against potential risks and threats in a computer center? a. Application security b. Data security c. Physical security d. Telecommunications security

Choice (c) is the correct answer. Physical security measures (e.g., locks and keys) are the first line of defense against potential risks and exposures and are mostly hardware-related. The securities listed in the other three choices are mostly software-related.

Which of the following should be the first step to be performed prior to installing cable wires in a computer center facility? a. Implement physical security controls b. Test the cables c. Check with local building codes d. Label the cables

Choice (c) is the correct answer. Prior to any wiring installation, it is good to contact the official local building code standard sources and people to ensure that the planned cable plant is consistent with electrical and fire codes. This is to protect the safety and security of the facility. Physical security controls can include acquiring dedicated space with a locked door to serve as a wiring closet. After checking with the local building codes, the next step is to test the cable for bad spots. By labeling both ends of a cable, a built-in map is available that identifies each cable, its termination point and length, and electrical characteristics.

Which of the following intruder detection systems cannot be used as a primary system? a. Photoelectric detection systems b. Motion detection systems c. Proximity detection systems d. Audio detection systems

Choice (c) is the correct answer. Proximity detection systems identify the approach or presence of an object or an individual. It is designed to be supplemental and cannot be used effectively as a primary system because of the system's vulnerability to nuisance alarms caused by electric supply fluctuations and by the presence of mops, pails, etc., placed near the system. Animals and birds can trigger a system into alarm if it is too sensitive. Therefore, proximity systems should be backed up by other security systems. Photoelectric systems operate based on light, motion systems operate based on signal, and audio systems operate based on sound.

The failure of a sprinkler system most often is due to which of the following reasons? a. Equipment error b. Computer error c. Human error d. Design error

Choice (c) is the correct answer. The failure of a sprinkler system most often is due to human error. The water supply was turned off at the time of the fire.

The justification process in selecting electronic surveillance and wiretapping detection equipment includes which of the following? a. Low cost of detection equipment, high value of assets to be protected, and a high rate of equipment usage b. Medium cost of detection equipment, high value of assets to be protected, and a low rate of equipment usage c. High cost of detection equipment, high value of assets to be protected, and a high rate of equipment usage d. Low cost of detection equipment, low value of assets to be protected, and a high rate of equipment usage

Choice (c) is the correct answer. The high cost of detection equipment is justified when the assets to be protected are highly valued and when a high rate of use can be made of the equipment. This is based on the cost-benefit principle.

Which of the following physical intrusion detection system components report on the condition of the system? a. Motion sensors b. Control unit c. Monitor unit d. Transmission lines

Choice (c) is the correct answer. The physical intrusion detection system contains four components: motion sensors, control unit, monitor unit, and transmission lines. These components are integrated to operate in a specified manner. A monitor unit is a device that senses and reports on the condition of a system. Motion sensors (choice a) detect movement inside the area to be protected. A control unit (choice b) is the terminal box for all sensors. Transmission lines (choice d) communicate events, signals, and sensors.

Which one of the following replacements for the Halogenated agents (Halon 1211 and 1301) is the safest to humans? a. FM-200 b. Argon c. Water fog d. Inergen

Choice (c) is the correct answer. The production of Halogenated agents (Halon 1211 and 1301) was stopped in January 1994 due to their depletion of the Ozone layer. Many replacements were found but the water fog is the safest one to humans.

The most effective control in handling potential terrorist attacks, especially bombing, is to: a. Use simulation software b. Examine all letters and parcels coming into a building c. Hire security guards d. Keep motor vehicles away from the building

Choice (c) is the correct answer. There is no substitute for vigilant and resourceful security guards protecting the buildings. Simulation software is available that will assess the vulnerability of a structure to explosive blasts by simulating the detonation of devices at various design points. Security can be improved by simply keeping vehicles away from near proximity to the structure. It also makes sense to examine all letters and parcels coming into a building for explosives.

Which of the following sensors detect the sounds of forced entry into a computer facility? a. Penetration sensor b. Microwave sensor c. Ultrasonic sensor d. Photoelectric sensor

Choice (c) is the correct answer. Ultrasonic sensors operate by sounds. Penetration sensors detect normal entry through doors, windows, walls, or any other opening into the protected area. Microwave sensors operate by radio or radar frequency transceiver. Photoelectric sensor operates by an interruption of light beam transmitted to the receiver.

Which of the following combination controls would not be appropriate in extinguishing fires? a. Smoke/fire detectors b. Water sprinklers c. Uninterruptible power supply equipment d. Fire or evacuation drills

Choice (c) is the correct answer. Uninterruptible power supply (UPS) equipment does not by itself help in extinguishing a fire. UPS will prolong an electrical power supply when there is a power failure. Smoke/fire detectors (choice a) combined with water sprinklers (choice b) will help detect or put out an actual fire. Fire or evacuation drills (choice d) will help in getting ready for an actual fire. A single control would rarely suffice to meet control objectives. Rather, a combination of controls is needed to make up a whole and to provide a synergistic effect. In the example, all three controls are needed to be effective.

Which one of the following statements is not true regarding a water-based fire extinguishing system? a. Water cools the equipment relatively quickly b. The release of water can be localized to where it is needed c. Water and Halon gas systems are mutually exclusive d. Jet sprayers can be an alternative to water sprinklers

Choice (c) is the correct answer. Water and Halon gas should be used in conjunction with heat and smoke detectors and mechanisms for automatically shutting off electrical power and air-conditioning devices. Choice (a) is incorrect because water cools the equipment relatively quickly. Choice (b) is incorrect because the release of water can be localized to where it is needed. Choice (d) is incorrect because jet sprayers can be an alternative to water sprinklers. Jet sprayers located on the ceiling spray a fine water mist that turns to steam on contact with the fire, smothering it. Choices (a), (b), and (d) are true.

Which of the following is not a technical security measure? a. Hardware b. Software c. Firmware d. Physical control

Choice (d) is the correct answer. A major part of the security of an IT system can often be achieved through nontechnical measures, such as organizational, personnel, physical, and administrative controls. However, there is a growing tendency and need to employ technical IT security measures implemented in hardware, software, and firmware.

Advanced microelectronic techniques make PCs vulnerable to bugging. The best detective control procedure is to: a. Check all employee's personal bags or briefcases when they leave work b. Issue a policy statement restricting such unauthorized acts c. Make sure that technicians performing maintenance work are both authorized and qualified d. Require that a pass-out ticket be obtained after a technical review of PC working conditions

Choice (d) is the correct answer. A transmitter chip or circuit board could be installed, removed, or substituted by a person for unauthorized purposes. Choices (b) and (c) are preventive controls, which may not be effective in this situation. Choices (a) and (d) are detective controls where choice (d) is very effective because a review and/or testing of the working condition of the PC provides a reasonable assurance of being bug free.

Dry powder is used to extinguish which of the following fires? a. Class A fires b. Class B fires c. Class C fires d. Class D fires

Choice (d) is the correct answer. Class D fire is extinguished by dry powder. Class A fire is extinguished by water, Class B by carbon dioxide, and Class C is by a non-conducting extinguishing agent.

Modern "dry pipe" systems: a. Are less sophisticated than water-based sprinkler systems b. Maximize chances of accidental discharge of water c. Are a substitute for carbon dioxide fire-suppression systems d. Are a substitute for water-based sprinkler systems

Choice (d) is the correct answer. Dry pipe systems are more sophisticated than water-based sprinkler systems (choice a). They minimize the chances of accidental discharge of water (choice b) because they discharge water only as needed. Therefore, they are a substitute for water-based sprinkler systems, which are used to extinguish fire. Carbon dioxide (choice c) is a clean gas and does not leave a residue on computer equipment or magnetic media. However, its use is diminishing due to potential health problems. Carbon dioxide and water sprinklers, respectively, are ranked from most to least harmful to people when activated.

The vulnerability of a facility to damage or attack may be assessed by all of the following except: a. Inspection b. History of losses c. Security controls d. Security budget

Choice (d) is the correct answer. Examining a security budget cannot reveal much because there is no direct correlation between the budget and the vulnerability. An inspection of the facility by an experienced inspector can reveal the status of the facility and its associated controls. Examination of the facility's record of losses can reveal how bad the situation is. The degree of security controls installed can reveal whether high-value property is properly safeguarded from theft by insiders or attack by outsiders.

All of the following are proper places for installing smoke detectors except: a. In the ceiling of a building b. Under the raised floor c. In air return ducts of a building d. In water drains on the floor

Choice (d) is the correct answer. For maximum use and benefit, smoke detectors should be installed in the ceiling, under the raised floor,and in air return ducts. Choices (a), (b), and (c) are proper places. Putting a smoke detector in water drains on the floor is improper.

Which of the following is the most costly countermeasure to reduce physical security risks? a. Procedural controls b. Hardware devices c. Electronic systems d. Personnel

Choice (d) is the correct answer. Personnel such as security guards are the greatest expense due to direct salaries plus fringe benefits paid to them. It is good to use people only in those areas where procedural controls, hardware devices, or electronic systems cannot be utilized at all or cannot be utilized more effectively. Procedural controls are generally the least expensive such as logging visitors and recording temperatures. They can be manual or automated; the latter can be expensive. Hardware devices can include locks, keys, fences, gates, document shredders, vaults, barricades, etc. Electronic systems can include access controls, alarms, CCTV, detectors, etc.

An effective physical security control when accessing sensitive facilities and systems include which of the following? a. Smart card b. A biometric measure c. A digital certificate d. a, b, and c

Choice (d) is the correct answer. Smart card technology, in combination with biometrics, offers great levels of security when accessing buildings, computers, and large dollar accounts. The smart card can be used in a number of ways to identity the cardholder to the physical access control system. These include (1) carrying a number that can be used to retrieve the cardholder's access privileges from the physical access control system's files, (2) carrying access control privileges on-board the card, (3) carrying a digital certificate to verify the cardholder's identity, and (4) carrying a biometric template against which the cardholder's live scan is compared to verify the cardholder's identity.

Which of the following is not one of the four legs of a fire? a. Heat b. Fuel c. Oxygen d. Smoke

Choice (d) is the correct answer. Smoke is a by-product of a fire while heat, fuel, oxygen, and chemical reaction are the four legs of a fire.

Which of the following is the best place for sounding an alarm coming from a computer room? a. At a local station b. At a security guard station c. At a central station d. At a fire or police station

Choice (d) is the correct answer. The best place for sounding an alarm coming from a computer room is at a fire or police station because immediate action can be taken. There can be a delay at the other choices.

Where do you start when considering physical security protection for new computer facilities? a. Front to back b. Back to front c. Outside in d. Inside out

Choice (d) is the correct answer. The best strategy is to start with interior security, proceed to the exterior security, and then to the outer perimeter. This path provides a clear picture of all areas needing protection and ensures completeness of analysis.

The best location for a data center is: a. Near stairways b. Near elevators c. Near restrooms d. Any location other than the above

Choice (d) is the correct answer. The objective is to reduce the risk of bombings. The data center should be remote from publicly used areas due to their easy access for both insiders (disgruntled employees) and outsiders (intruders).

Which of the following represents the upper end of the protection scale against electrical problems (e.g.,sags) in a computer center? a. Battery backup b. Power filters c. Power conditioners d. Uninterruptible power supply

Choice (d) is the correct answer. The order of protection scale from lower end to upper end is as follows: battery backup, power filters, power conditioners, and uninterruptible power supply (UPS). Battery backup has a short life (that is, low-end protection) compared to the UPS (which is high-end protection). Power filters filter the sags, spikes, and impulse noises. Power conditioners regulate the voltage into the system. UPS can clean up most of the power problems such as spikes, surges, sags, brownouts, blackouts, frequency variations, transient noises, and impulse hits.

Which of the following is the last line of defense in a physical security? a. Perimeter barriers b. Exterior protection c. Interior barriers d. People

Choice (d) is the correct answer. The perimeter barriers (e.g., fences) are located at the outer edge of property and usually are the first line of defense. The exterior protection such as walls, ceilings, roofs, and floors of buildings themselves are considered the second line of defense. Interior barriers within the building such as doors and locks are considered the third line of defense. After all the above defenses are failed, the last line of defense is people, employees working in the building. They should question strangers and others unfamiliar to them.

UPS

Uninterruptible Power Supply

Underwriters Laboratory (UL)

a nonprofit organization that tests, inspects, and classifies electronic devices, fire protection equipment, and specific construction materials.

All of the following are benefits of automated environmental controls over manual monitoring except: a. System probes to perform diagnosis and analysis b. Orderly shutdown of the host system c. Slow recovery d. Problem recording and notification

a. System probes to perform diagnosis and analysis


Ensembles d'études connexes

Unit 2: Resources and Their Impact

View Set

Physics - Electric Forces & Fields

View Set

PR Writing - Writing Email, Memos, & Proposals

View Set

Assessment and Management of Patients with Rheumatic Disorders

View Set

Chapter 5: Environment Analysis Framework

View Set

NRSG 2510 Exam 2: Practice Questions

View Set

Ch.63 Assessment and Management of Patients with Eye and Vision Disorders

View Set

Chapter 14: Antineoplastic Agents Prep-U Q's and A's

View Set