Physical Security/Asset Security_1
Which of the following fire types is most common? a. Furniture fires b. Electrical fires c. Paper fires d. Gasoline fires
Electrical fires Statistics indicate that most fires are electrical in origin.
Controls such as locked doors, intrusion detection devices, and security guards address which of the following risks? a. Heat failure b. Fraud or theft c. Power failure d. Equipment failure
Fraud or theft Locked doors, intrusion detection devices, and security guards that restrict physical access are important preventive measures to control sabotage, riots, fraud, or theft. Sabotage can be caused by a disgruntled employee as well as by outsiders. Personnel policies should require the immediate termination and removal from the premise of an employee considered a threat. Fraud or theft exposures are reduced by restricting access to information that may be altered. Power failure (choice c) can be controlled by UPS. Heat failure (choice a) may cause inconvenience to employees. Equipment failure (choice d) may result in extended processing delays. Performance of preventative maintenance enhances system reliability and should be extended to all supporting equipment, such as temperature and humidity control systems and alarm or detecting devices.
The least important factor to be considered when selecting an uninterruptible power system is: a. Fuel options b. Electrical load c. Battery duration d. Physical space
Fuel options The selection of an uninterruptible power system is governed by three factors, electrical load, battery duration, and physical space. The electrical load represents the capacity for the UPS to supply power to the equipment properly. The battery duration is simply how long the UPS is supposed to support the equipment. Physical space is required for any UPS. Fuel options, whether to use diesel or natural gasoline, can be considered at a later point in the decision making process.
What would you be most concerned with after learning the following about a data center? a. Gun powder is stored in the basement of the building where the data center is also located b. The data center is located near oil storage tanks c. The data center is in close proximity (i.e., between one and two miles) to one engaged in the refinement of highly explosive chemicals or combustible and volatile products d. The data center is five to ten miles away from a nuclear power plant
Gun powder is stored in the basement of the building where the data center is also located Here, critical factors are the distance and the frequency of a certain outcome. Storing gunpowder in the basement of the building where the data center is located is riskier due to close proximity and the frequency with which fire or explosion can occur. The other three locations, although risky, are far away from the basement of a building.
An effective physical security control when accessing sensitive facilities and systems include which of the following? a. Smart card b. A biometric measure c. A digital certificate d. a, b, and c
-Smart card -A biometric measure -A digital certificate Smart card technology, in combination with biometrics, offers great levels of security when accessing buildings, computers, and large dollar accounts. The smart card can be used in a number of ways to identity the cardholder to the physical access control system. These include (1) carrying a number that can be used to retrieve the cardholder's access privileges from the physical access control system's file, (2) carrying access control privileges on-board the card, (3) carrying a digital certificate to verify the cardholder's identity, and (4) carrying a biometric template against which the cardholder's live scan is compared to verify the cardholder's identify.
Mantraps in a computer center are controlled by which of the following? a. A person's body weight and a smart card b. A person's body weight and a biometric feature c. A person's body weight and a magnetic card d. A person's body weight and a personal identification number (PIN)
A person's body weight and a biometric feature Mantraps are used in high sensitive areas and have a built-in weighing scale. The mantrap controlling software looks at a combination of a person's body weight and a biometric feature such as fingerprint scan, hand geometry, facial recognition, iris scan, and voice recognition, and compares to a stored information about that person. Smart cards, magnetic cars, and PINs can be stolen or lost, which are weak form of authentication even when combined with the body weight. Choice (b) authenticates "what the user is," which is stronger than the other three choices.
In a fire-extinguishing environment, a dry pipe is: a. A sprinkler system in which the water does not enter the pipes until the automatic sensor indicates that there is a fire in the area b. A sprinkler system in which the water is in the pipe, but the outside of the pipe is dry c. A Halon gas system that contains a dry pipe d. A carbon dioxide (CO2) gas system that has a dry chemical to extinguish a fire
A sprinkler system in which the water does not enter the pipes until the automatic sensor indicates that there is a fire in the area The sequence of dry-pipe actions is (1) a heat or smoke sensor is activated first, (2) water fills the previously empty pipes leading to the sprinklers, (3) the alarm is sounded, and (4) the electrical power supply is disconnected automatically. Choice (b) is incorrect because water is not in the pipe until the heat or smoke sensor is activated. Choices (c) and (d) are incorrect because the descriptions are meaningless.
Which one of the following is filled with water? a. A wet-pipe sprinkler system b. A dry-pipe sprinkler system c. A halogenated sprinkler system d. A carbon dioxide sprinkler system
A wet-pipe sprinkler system A wet-pipe sprinkler system is made up of sprinkler devices attached to pipes filled with water. A drysprinkler system contains air under pressure. When a sprinkler is activated, the released air opens valves allowing water into the pipes. Choices (c) and (d) are meaningless.
Which of the following parties poses a greater risk to an organization when guarding against electronic surveillance and wiretapping activities? a. A spy stationed in another building b. A janitor in the same building c. An employee in the same building d. A window washer in the same building
An employee in the same building A spy stationed on the same floor in another building a few blocks away can use a telescope to obtain secret data; a window washer can take pictures of documents on desks or walls; a janitor is positioned to take documents discarded in the trash. However, these occurrences are rare. The greatest risk is an employee working in the same building because of proximity and the trust placed in the employee.
The best location for a data center is: a. Near stairways b. Near elevators c. Near restrooms d. Any location other than the above
Any location other than the above The objective is to reduce the risk of bombings. The data center should be remote from publicly used areas due to their easy access for both insiders (disgruntled employees) and outsiders (intruders).
Modern "dry pipe" systems: a. Are less sophisticated than water-based sprinkler systems b. Maximize chances of accidental discharge of water c. Are a substitute for carbon dioxide fire-suppression systems d. Are a substitute for water-based sprinkler systems
Are a substitute for water-based sprinkler systems Dry pipe systems are more sophisticated than water-based sprinkler systems (choice a). They minimize the chances of accidental discharge of water (choice b) because they discharge water only as needed. Therefore, they are a substitute for water-based sprinkler systems, which are used to extinguish fire. Carbon dioxide (choice c) is a clean gas and does not leave a residue on computer equipment or magnetic media. However, its use is diminishing due to potential health problems. Carbon dioxide and water sprinklers, respectively, are ranked from most to least harmful to people when activated.
Which of the following is the best place for sounding an alarm coming from a computer room? a. At a local station b. At a security guard station c. At a central station d. At a fire or police station
At a fire or police station The best place for sounding an alarm coming from a computer room is at a fire or police station because immediate action can be taken. There can be a delay at the other choices.
Water sprinklers operate at what temperatures? a. Between 120 and 130 F b. Between 130 and 165 F c. Between 135 and 145 F d. Between 145 and 160 F
Between 130 and 165 F Most water sprinkler systems operate at temperatures between 130 and 165 degrees Fahrenheit.
Which one of the following power problems is unlike the others? a. Sags b. Spikes c. Blackouts d. Surges
Blackouts A blackout is a total loss of power, lasting several minutes to several hours, caused by damage to power lines and equipment, commonly due to weather conditions. Sags create undervoltage conditions. Spikes and surges create over-voltage conditions.
Which of the following statements is true? a. Both mantraps and turnstiles are physical security controls b. A mantrap is a physical security control while a turnstile is a logical access security control c. A mantrap is an environmental security control while a turnstile is a network security control d. Both mantraps and turnstiles are cryptographic security controls
Both mantraps and turnstiles are physical security controls Both stationary and revolving doors are used in mantraps and turnstiles. Unauthorized individuals entering a data center cannot get out of a mantrap since it is so restrictive in terms of movement. Turnstiles also restrict the movement of an unauthorized individual. Both of these controls are part of the physical security controls within data center requiring high-level security.
An under-voltage in electric power is called: a. Brownout b. Blackout c. Burnout d. Dropout
Brownout A brownout is a condition in which electrical power dips below normal for more than a few seconds and is caused by under-voltage. Brownouts are a result of load near to or equaling generating capacity. A blackout is a complete loss of electrical power (that is, actual failure). Blackouts can result from windstorms, floods, from failures of electronic system equipment, or from human error. A dropout is an area on a disk or tape that cannot effectively record data. Persistent brownouts can cause data corruption and loss and can also cause computer power supplies to overheat and burn out.
Which of the following should be the first step to be performed prior to installing cable wires in a computer center facility? a. Implement physical security controls b. Test the cables c. Check with local building codes d. Label the cables
Check with local building codes Prior to any wiring installation, it is good to contact the official local building code standard sources and people to ensure that the planned cable plant is consistent with electrical and fire codes. This is to protect the safety and security of the facility. Physical security controls can include acquiring dedicated space with a locked door to serve as a wiring closet. After checking with the local building codes, the next step is to test the cable for bad spots. By labeling both ends of a cable, a built-in map is available that identifies each cable, it's termination point and length, and electrical characteristics.
Fires involving energized electrical equipment are rated as: a. Class A fires b. Class B fires c. Class C fires d. Class D fires
Class C fires A classification of fires is based on the nature of the combustibles, relating directly to the efficacy of extinguishing agents. Four classes are described as follows: Class A - Fires involving ordinary combustible solids (e.g. wood, cloth, paper, rubber, and many plastics). Class B - Fires involving flammable or combustible liquids and flammable gasses. Class C - Fires involving energized electrical equipment. Class D - Fires involving certain combustible materials such as magnesium and sodium.
Dry powder is used to extinguish which of the following fires? a. Class A fires b. Class B fires c. Class C fires d. Class D fires
Class D fires Class D fire is extinguished by dry powder. Class A fire is extinguished by water, Class B by carbon dioxide, and Class C is by a non-conducting extinguishing agent.
Which of the following is a safe practice to ensure physical security? a. Deter b. Detect c. Delay d. Deny
Deter it is preferred to deter attacks against property, whether criminal or not. if not deterred, access to selected areas or properties should be denied. If not denied, attacks that occur should be detected. If not detected in time, attacks should be delayed to allow time for response by authorities.
Protective lighting does which of the following for computer facilities? a. Detection and correction b. Deterrent and detection c. Correction and action d. Protection and correction
Deterrent and detection Protective lighting should act as deterrent and make detection likely. The lighting should enable the security staff to observe others without being seen.
Which of the following combination controls is not appropriate to ensure continuity of electric power supply? a. Disk mirroring b. Power line conditioners c. Uninterruptible power supply equipment d. Backup generators
Disk mirroring Disk mirroring is not appropriate to ensure the continuity of electric power supply because it prevents data loss. It is a fault tolerant mechanism because it copies and stores data in two places (disks). Choices (b), (c), and (d) are incorrect because they are needed to provide continuity of electric power supply. Power line conditioners smooth out power fluctuations. UPS equipment provides relief from short power outages. Backup generators support relief from long power outages. Rarely, a single control will suffice to meet control objectives. Rather, a combination of controls is needed to make up a whole and to provide a synergistic effect.
Which of the following is ineffective in extinguishing Class A and B fires in a building? a. Carbon dioxide b. Water fog c. Dry powder d. Dry chemical
Dry powder Dry powder is effective against Class D fires and ineffective against Class A and B fires. The other three choices are effective again Class A and B fires. Water for is created by a special nozzle on the water hose.
When freezing temperatures and broken pipes are a problem, which of the following should be used? a. Wet-pipe systems b. Dry-pipe system c. Carbon-dioxide system d. Halon system
Dry-pipe system When freezing temperatures and broken pipes are a problem, the dry-pipe system is useful. Air pressure is maintained in the pipes until a sprinkler head ruptures. Then, the air escapes, and water enters the pipes and exits through the opened sprinklers. With the wet-pipe system, water is in the pipes at all times and is released when heat ruptures the seal in the sprinkler head.
Which of the following is used to call for assistance? a. Contact sensor b. Duress sensor c. Vibration sensor d. Infrared sensor
Duress sensor The duress sensor is used to call for assistance and it consists of a hand or foot operated switch usually found in bank teller areas. Contact sensor is activated when an electrical circuit is broken. Vibration sensor detects forced entry through metal barriers placed over windows, for example. Infrared sensors detect body heat.
The justification process in selecting electronic surveillance and wiretapping detection equipment includes which of the following? a. Low cost of detection equipment, high value of assets to be protected, and a high rate of equipment usage b. Medium cost of detection equipment, high value of assets to be protected, and a low rate of equipment usage c. High cost of detection equipment, high value of assets to be protected, and a high rate of equipment usage d. Low cost of detection equipment, low value of assets to be protected, and a high rate of equipment usage
High cost of detection equipment, high value of assets to be protected, and a high rate of equipment usage The high cost of detection equipment is justified when the assets to be protected are highly valued and when a high rate of use can be made of the equipment. this is based on the cost-benefit principle.
The most effective control in handling potential terrorist attacks, especially bombing, is to: a. Use simulation software b. Examine all letters and parcels coming into a building c. Hire security guards d. Keep motor vehicles away from the building
Hire security guards There is no substitute for vigilant and resourceful security guards protecting the buildings. Simulation software is available that will assess the vulnerability of a structure to explosive blasts by simulating the detonation of devices at various design points. Security can be improved by simply keeping vehicles away from near proximity to the structure. It also makes sense to examine all letters and parcels coming into a building for explosives.
The failure of a sprinkler system most often is due to which of the following reasons? a. Equipment error b. Computer error c. Human error d. Design error
Human Error The failure of a sprinkler system most often is due to human error. The water supply was turned off at the time of the fire.
An instrument that measures atmospheric humidity in a computer room is called a: a. Hygrometer b. Hydrometer c. Barometer d. Voltmeter
Hygrometer A hygrometer is an instrument that measures atmospheric humidity. A hydrometer (choice b) is an instrument used to determine specific gravity that sinks in a fluid to a depth used as a measure of the fluid's specific gravity. A barometer (choice c) is an instrument for measuring atmospheric pressure, used in weather forecasting and in determining elevation. A voltmeter (choice d) is an instrument for measuring electrical voltage.
All of the following are proper places for installing smoke detectors except: a. In the ceiling of a building b. Under the raised floor c. In air return ducts of a building d. In water drains on the floor
In water drains on the floor For maximum use and benefit, smoke detectors should be installed in the ceiling, under the raised floor, and in air return ducts. Choice (a), (b), (c) are proper places. Putting a smoke detector in water drains on the floor is improper.
Where do you start when considering physical security protection for new computer facilities? a. Front to back b. Back to front c. Outside in d. Inside out
Inside Out The best strategy is to start with interior security, proceed to exterior security, and then to the outer perimeter. This path provides a clear picture of all areas needing protection and ensures completeness. of analysis.
The most important criteria to apply when hiring an outside consultant to advise in selecting eavesdropping and wiretapping countermeasures includes: a. Insurance and bonding b. Education and training c. Previous work references d. Experience and certification
Insurance and bonding In addition to education and training, previous work references, experience and certification, it is important to find out about insurance and bonding coverage's. The work of security consultant is confidential and sensitive, which requires bonding.
Which one of the following fire sensors is useful in giving early warning? a. Ionization detector b. Photoelectric smoke detector c. Infrared flame detector d. Thermal detector
Ionization detector The ionization detector is useful in giving early warning so that human lives can be saved. The photoelectric smoke detector alarms when the source of light is interrupted. The infrared flame detector reacts to emissions from flame. the thermal detector operates on a significant change in temperature.
Which of the following is best to replace the use of personal identification numbers (PINs) in the world of electronic banking? a. Iris-detection technology b. Voice technology c. Hand technology d. Fingerprint technology
Iris-detection technology An automated teller machine customer can stand within three feet of a camera that automatically locates and scans the iris in the eye. The scanned bar code is then compared against previously stored code in the bank's file. Iris-detection technology is far superior in terms of accuracy compared to the accuracy of voice, face, hand, and fingerprint identification systems. Iris technology does not require a PIN.
A power brownout condition is which of the following? a. It is a long-term lag b. It is a long-term sag c. It is a short-term lag d. It is a short-term sag
It is a long-term sag A brownout condition is a long-term sag. it is a deliberate reduction of voltage output at a power generating station to respond to high demand and thus avoids an outage. Choice (d) is the description of a voltage sag. Choices (a) and (c) are distracters.
Which of the following statements is true about physical security and life safety? a. Physical security strives to control entry b. Life safety focuses on providing easy exit from a facility c. Life safety measures are expensive d. It is possible to achieve an effective balance between physical security and life safety
It is possible to achieve an effective balance between physical security and life safety It is important to understand that the objectives of physical access controls may be in conflict with those of life safety. Simply stated, life safety focuses on providing easy exit from a facility, particularly in an emergency, while physical security strives to control entry. In general, life safety must be given first consideration, but it is usually possible to achieve an effective balance between the two goals. Life safety measures need not be expensive; sometimes least expensive measures work best.
A voltage spike is which of the following? a. It is sharp but brief increase in voltage b. It is slow but brief increase in voltage c. It is sharp but brief decrease in voltage d. It is slow but brief decrease in voltage
It is sharp but brief increase in voltage A voltage spike is a sharp but brief increase in voltage, commonly caused by the turning off the heavy electrical loads such as air conditioners or photocopiers. The other three choices are meaningless.
Which of the following should be considered as delaying devices in physical security? a. Lights b. Safes c. Locks d. Vaults
Locks Locks are considered as delaying devices only and not bars to entry. The longer it takes to open or break a lock the shorter the patience for an intruder. The idea is that officials will soon be arriving at the place if it takes longer to open a lock. Lights serve as a deterrent to violators. Safes provide protection against fire, burglary, and robbery. Vaults are enlarged safes and can be supported by alarm systems.
"Tailgating" or "Piggy-backing" in a computer center can be prevented by which of the following? a. Cameras b. Mantraps c. Sensors d. Alarms
Mantraps Tailgating (piggy-backing) means an unauthorized person is following an authorized person into a facility. It can be prevented by the use of mantraps where they take a measurement of the body weight of a person entering the computer center doors and combine it with a biometric feature such as fingerprint scan. If the person is not authorized to enter this highly sensitive area, he will not be allowed to proceed further and security authorities will be notified. Surveillance cameras are passive and do not take any action. sensors and alarms do not have the intelligence built in similar to that of mantraps, and can give rise to false alarms.
Electronic surveillance and wiretapping has increased due to which of the following? a. Telephone lines b. Bugging techniques c. Microchip technology d. Surveillance equipment
Microchip technology Miniaturization has greatly aided spying. With advances in microchip technology, transmitters can be so small as to be enmeshed in wallpaper, inserted under a stamp, or placed on the head of a nail.
Which of the following physical intrusion detection system components report on the condition of the system? a. Motion sensors b. Control unit c. Monitor unit d. Transmission lines
Monitor unit The physical intrusion detection system contains four components: motion sensors, control unit, monitor unit, and transmission lines. these components are integrated to operate in a specified manner. A monitor unit is a device that senses and reports on the condition of a system. Motion sensors (choice a) detect movement inside the area to be protected. A control unit (choice b) is the terminal box for all sensors. transmission lines (choice d) communicate events, signals, and sensors.
Which of the following is true about biometrics? a. Least expensive and least secure b. Most expensive and least secure c. Most expensive and most secure d. Least expensive and most secure
Most expensive and most secure Biometrics tends to be the most expensive and most secure. Choice (a) refers to passwords, while choice (d) refers to memory/smart tokens. In general, passwords are the least expensive authentication technique and generally the least secure. Memory tokens are less expensive than smart tokens but have less functionality. Smart tokens with a human interface do not require reading equipment but are more convenient to use.
A secure and safe room should have which of the following? a. No more than one door b. No more than two doors c. No more than three doors d. No more than four doors
No more than two doors A secure and safe room should have no more than two doors. These doors should be solid, fireproof, lockable, and observable by physical security staff. One door is for entrance and the other one is for exit according to building fire code. Too many doors will provide too many escape routes for an intruder and not observable by the security staff.
Which of the following is not appropriate to provide adequate complementary physical access controls? a. ID badge card b. Password c. Magnetic stripe card d. Visitor log
Password Passwords provide logical access controls, not physical access controls. the other three are examples of complementary controls. Each control enhances other. A function or an area need not be weak to use complementary controls. Complementary controls can magnify the effectiveness of two or more controls when applied to a function, program, or operation. Identification (ID) badge cards, magnetic stripe cards, and visitor logs have a synergistic effect in providing a strong physical access control.
Which of the following is the last line of defense in a physical security? a. Perimeter barriers b. Exterior protection c. Interior barriers d. People
People The perimeter barriers (e.g. fences) are located at the outer edge of property and usually are the first line of defense. The exterior protection such as walls, ceilings, roofs, and floors of buildings themselves are considered the second line of defense. Interior barriers within the building such as doors and locks are considered the third line of defense. After all the above defenses are failed, the last line of defense is people, employees working in the building. They should question strangers and others unfamiliar to them.
Which of the following is the most costly countermeasure to reduce physical security risks? a. Procedural controls b. Hardware devices c. Electronic systems d. Personnel
Personnel Personnel such as security guards are the greatest expense due to direct salaries plus fringe benefits paid to them. It is good to use people only in those areas where procedural controls, hardware devices, or electronic systems cannot be utilized more effectively. Procedural controls are generally the least expensive such as logging visitors and recording temperatures. They can be manual or automated; the latter can be expensive. Hardware devices can include locks, keys, fences, gates, document shredders, vaults, barricades, etc. Electronic systems can include access controls, alarms, CCTV, detectors, etc.
Biometrics-based access controls are implemented using which of the following? a. Administrative and directive controls b. Physical and logical controls c. Management and preventive controls d. Corrective and recovery controls
Physical and Logical controls Physical controls (toke, key, and card) are used to identify a user, and logical controls (fingerprint and voice) are used to authenticate the same user.
Which of the following has a bearing on opportunities for electronic surveillance? a. Physical characteristics of a building b. Electrical characteristics of a building c. Mechanical characteristics of a building d. Environmental characteristics of a building
Physical characteristics of a building The physical characteristics of a building have a bearing on opportunities for audio and electronic surveillance. Some of these factors are poor access control designs, inadequate soundproofing, common or shared ducts, and space above false ceilings that enable access for the placement of devices. Physical inspection of these weak areas will hinder penetration.
Which of the following is not a technical security measure? a. Hardware b. Software c. Firmware d. Physical control
Physical control A major part of the security of an IT system can often be achieved through nontechnical measures, such as organizational, personnel, physical, and administrative controls. However, there is a growing tendency and need to employ technical IT security measures implemented in hardware, software, and firmware.
Which of the following security safeguards is ineffective in an on-line application system serving multiple users at multiple locations? a. Procedural controls b. Physical controls c. Hardware controls d. Software controls
Physical controls An on-line application system serving multiple users at multiple locations assumes that a network is in place. With a network there is often no centralized computer room with physical security controls that can be implemented. Therefore, physical controls are ineffective. Examples of physical controls include locked doors, intrusion detection devices, security guards, and magnetic badge readers that restrict physical access. Choice (a) is incorrect because procedural controls include instructions to request a user profile, adding and deleting users, and instructions to request database views, etc. Choice (c) is incorrect because hardware controls include fault tolerance devices such as disk mirroring and/or disk duplexing, smart card processing, encryption, parity checks, and switched ports. Choice (d) is incorrect because software controls include user IDs and passwords, smart card processing, encryption, check digits, and message authentication.
Which of the following measures provides a first line of defense against potential risks and threats in a computer center? a. Application security b. Data security c. Physical security d. Telecommunications security
Physical security Physical security measures (e.g. locks and keys) are the first line of defense against potential risks and exposures and are mostly hardware-related. The securities listed in the other three choices are mostly software-related.
Which of the following security controls is simple to implement with the least amount of delay? a. Operating system security controls b. Network security controls c. Physical security controls d. Application system security controls
Physical security controls Physical security is achieved through the use of locks, guards, and administratively controlled housing the computer and related equipment against damage from accident, fire, and environmental hazards, thus ensuring the protection of their contents. Physical security measures are the first line of defense against the risks that stem from the uncertainties in the environment as well as from the unpredictability of human behavior. Frequently, they are the simplest safeguards to implement and can be put into practice with the least delay. The controls listed in the other three choices take a long time to implement and are not simple to install.
The most common concern regarding a physical security area is: a. Fire suppression system b. Piggybacking c. Locks and keys d. Natural disaster
Piggybacking Piggybacking occurs when unauthorized access is gained to a computer system of facility via a user's legitimate connection. Then both the authorized and the unauthorized person enter the sensitive area. This kind of entry cannot be predicted or anticipated and it's frequency of occurrence can be high. Fire suppression systems (choice a) should not be a concern if tested periodically. Locks and keys (choice c) are the first line of defense against intruders entering into a computer center building or computer room. Natural disasters (choice d) are not a concern because of their low frequency.
Which of the following delays water release? a. Wet pipe b. Preaction pipe c. Water pipe d. Gas pipe
Preaction pipe A wet pipe releases water at a set temperature. The preaction pipe sounds an alarm and delays water release. A water pipe does not delay water release. Gas pipe is a distractor here.
Which of the following intruder detection systems cannot be used as a primary system? a. Photoelectric detection systems b. Motion detection systems c. Proximity detection systems d. Audio detection systems
Proximity detection systems Proximity detection systems identify the approach or presence of an object or an individual. It is designed to be supplemental and cannot be used effectively as a primary system because of the system's vulnerability to nuisance alarms caused by electric supply fluctuations and by the presence of mops, pails, etc., placed near the system. Animals and birds can trigger a system into alarm if it is too sensitive. Therefore, proximity systems should be backed up by other security systems. Photoelectric systems operate based on light, motion systems operate based on signal, and audio systems operate based on sound.
What is the first step to do in case of a fire? a. Report the fire b. Extinguish the fire c. Avoid panic d. Do not use elevators
Report the fire As part of fire prevention tips, fire should be reported first, and then attempts should be made to extinguish it. Other actions include: never open a "hot" door, pull alarm system, and try to escape.
Advanced microelectronic techniques make PCs vulnerable to bugging. The best detective control procedure is to: a. Check all employee's personal bags or briefcases when they leave work b. Issue a policy statement restricting such unauthorized acts c. Make sure that technicians performing maintenance work are both authorized and qualified d. Require that a pass-out ticket be obtained after a technical review of PC working conditions
Require that a pass-out ticket be obtained after a technical review of PC working conditions A transmitter chip or circuit board could be installed, removed, or submitted by a person for unauthorized purpose. Choices (b) and (c) are preventive controls, which may not be effective in this situation. Choices (a) and (d) are detective controls where choice (d) is very effective because a review and/or testing of the working condition of the PC provides a reasonable assurance of being bug free.
The vulnerability of a facility to damage or attack may be assessed by all of the following except: a. Inspection b. History of losses c. Security controls d. Security budget
Security budget Examining a security budget cannot reveal much because there is no direct correlation between the budget and the vulnerability. An inspection of the facility by an experienced inspector can reveal the status of the facility and it's associated controls. Examination of the facility's record of losses can reveal how bad the situation is. The degree of security controls installed can reveal whether high-value property is properly safeguarded from theft by insiders or attack by outsiders.
A device or devices that sense(s) vibration or motion is (are) called: a. Vibration detector only b. Seismic detector and vibration detector c. Proximity detector and seismic detector d. Intrusion detector and vibration detector
Seismic detector and vibration detector A seismic detector is a device that senses vibration or motion and thereby senses a physical attack upon an object or structure. A vibration detector is the same as a seismic detector. A proximity detector is a device that initiates a signal (alarm) when a person or object comes near the protected object. An intrusion detector is a device designed to detect an individual crossing a line or entering an area.
Which of the following is not one of the four legs of a fire? a. Heat b. Fuel c. Oxygen d. Smoke
Smoke Smoke is a by-product of a fire while heat, fuel, oxygen, and chemical reaction are the four legs of a fire.
Which of the following is a proper control in a computer room? a. Smoke detection equipment shuts down the wet pipe equipment b. Smoke detection equipment shuts down the air-conditioning equipment c. Smoke detection equipment shuts down the preaction pipe equipment d. Smoke detection equipment shuts down the water pipe equipment
Smoke detection equipment shuts down the air-conditioning equipment The smoke detection system should shut down the air-conditioning equipment. Similarly, an emergency power shutdown should include shutting down the air-conditioning system. The reason is that when there is smoke or a power loss, the air-conditioning equipment should be turned off so people do not inhale smoke.
Which of the following statements about sprinkler systems is not true? a. Sprinkler systems cause water damage b. Sprinkler systems reduce fire damage locally c. Sprinkler systems protect human lives of building occupants d. Sprinkler systems limit fire damage to the building itself
Sprinkler systems cause water damage When properly installed, maintained, and provided with an adequate supply of water, automatic sprinkler systems are highly effective in protecting buildings and their contents. Nonetheless, one often hears uniformed persons speak of the water damage done by sprinkler systems as a disadvantage. Fires that trigger sprinkler systems cause the water damage. In short, sprinkler systems reduce the fire damage, protect the lives of building occupants, and limit the fire damage to the building itself.
Which of the following pairs of items create a conflicting situation in a computer center? a. Fire-resistant file cabinets, vital records b. Sprinkler systems, water damage c. Fire detection system, alarms d. Furniture and equipment, noncombustible materials
Sprinkler systems, water damage Sprinkler systems are desirable if the computer room construction contains combustible materials. While sprinklers extinguish fire, extensive water can damage some areas and materials in the room due to use of the sprinkler system. Choice (d) has no conflict because furniture and equipment in a computer room should be constructed of metal or other noncombustible material. Choice (c) has no conflict because fire detection and extinguishing systems should have alarms to signal trouble and to communicate problems to a specific location that is always manned. Choice (a) has no conflict because vital records should be stored in a fire-resistant cabinet file.
All of the following are benefits of automated environmental controls over manual monitoring except: a. System probes to perform diagnosis and analysis b. Orderly shutdown of the host system c. Slow recovery d. Problem recording and notification
System probes to perform diagnosis and analysis
Which of the following combination of controls is not appropriate to prevent unauthorized people from entering a computer center? a. Double-locked doors b. Television monitors c. Terminal IDs d. Picture ID badges
Terminal IDs Logical access controls verify the terminal identification (ID) number and not a part of physical security. Logical access controls provide a technical means of controlling what information users can utilize, the programs they can run, and the modifications they can make. Choices (a), (b), and (d) deal with physical security, which is the right kind of control to prevent unauthorized people from entering a computer center. This combination of physical security controls provides good protection.
Which one of the following fire stages does not produce smoke? a. The incipient stage b. Smoldering stage c. Flame stage d. Heat stage
The incipient stage A normal fire proceeds through four stages: the incipient, smoldering, flame, and heat stages. In the incipient stage, no smoke is given out. Smoke begins to appear in the smoldering stage. In the flame stage, actual flame can be seen. The heat is intense and building up in the final, heat stage.
Any security measure must be cost-beneficial. UPS systems address electric power failures. Which one of the following cost factors is of least concern to the installation of UPS system? a. The size of the gas fuel supply b. The size of the electric load it can support c. The number of minutes it can support the load d. The speed with which it assumes the load when the primary source fails
The size of the gas fuel supply A number of security measures are available to address electric power failures differing in both cost and performance. For example, the cost of a UPS depends on the size of the electric load it can support (choice b), the number of minutes it can support the load (choice c), and the speed with which it assumes the load when the primary power source fails (choice d). An on-site power generator can also be installed either in place of UPS or in order to provide long-term backup to a UPS system. The size of the gas fuel supply (choice a) is a design decision along with the magnitude of the load the generator will support and the facilities to switch the load from the primary source of the UPS to the on-site generator.
More fire fatalities are caused by which of the following? a. Smoke b. Toxic gases c. Heat d. Flames
Toxic gases
Which of the following sensors detect the sounds of forced entry into a computer facility? a. Penetration sensor b. Microwave sensor c. Ultrasonic sensor d. Photoelectric sensor
Ultrasonic sensor Ultrasonic sensors operate by sounds. Penetration sensors detect normal entry through doors, windows, walls, or any other opening into the protected area. Microwave sensors operate by radio or radar frequency transceiver. Photoelectric sensor operates by an interruption of light beam transmitted to the receiver.
Which of the following represents the upper end of the protection scale against electrical problems (e.g.,sags) in a computer center? a. Battery backup b. Power filters c. Power conditioners d. Uninterruptible power supply
Uninterruptible power supply The order of protection scale from lower end to upper end is as follows: battery backup, power filters, power conditioners, and UPS. Battery backup has a short life (that is, low-end protection) compared to the UPS (which is high-end protection). Power filters filter the sags, spikes, and impulse noises. Power conditioners regulate the voltage into the system. UPS can clean up most of the power problems such as spikes, surges, sags, brownouts, blackouts, frequency variations, transient noises, and impulse hits.
Which of the following combination controls would not be appropriate in extinguishing fires? a. Smoke/fire detectors b. Water sprinklers c. Uninterruptible power supply equipment d. Fire or evacuation drills
Uninterruptible power supply equipment UPS equipment does not by itself help in extinguishing a fire. UPS will prolong an electrical power supply when there is a power failure. Smoke/fire detectors (choice a) combined with water sprinklers (choice b) will help detect or put out an actual fire. Fire or evacuation drills (choice d) will help in getting ready for an actual fire. A single control would rarely suffice to meet control objectives. Rather, a combination of controls is needed to make up a whole and to provide a synergistic effect. In the example, all three controls are needed to be effective.
The effectiveness of physical security controls is most determined by which of the following? a. Control device used b. Vulnerabilities in the device c. Implementation of the device d. Operation of the device
Vulnerabilities in the device Organizations should determine whether intruders could easily defeat the controls (i.e. vulnerabilities) in the access control devices. Until the vulnerabilities are eliminated, implementation and operation of the control device do not matter much.
What can take the heat off the fire safely? a. Water b. Carbon dioxide c. Soda ash d. Halon gas
Water Water takes the heat off the fire, and it is safe compared to other choices. Carbon dioxide, soda ash, and Halon can be injurious.
Which one of the following statements is not true regarding a water-based fire extinguishing system? a. Water cools the equipment relatively quickly b. The release of water can be localized to where it is needed c. Water and Halon gas systems are mutually exclusive d. Jet sprayers can be an alternative to water sprinklers
Water and Halon gas systems are mutually exclusive Water and Halon gas should be used in conjunction with heat and smoke detectors and mechanisms for automatically shutting off electrical power and air-conditioning devices. Choice (a) is incorrect because water cools the equipment relatively quickly. Choice (b) is incorrect because the release of water can be localized to where it is needed. Choice (d) is incorrect because jet sprayers can be an alternative to water sprinklers. Jet sprayers located on the ceiling spray a fine water mist that turns to steam on contact with the fire, smothering it. Choices (a), (b), and (d) are true.
Which one of the following replacements for the Halogenated agents Water fog(Halon 1211 and 1301) is the safest to humans? a. FM-200 b. Argon c. Water fog d. Inergen
Water fog The production of Halogenerated agents (Halon 1211 and 1301) was stopped in January 1994 due to their depletion of the Ozone layer. Many replacements were found but the water fog is the safest one to humans.
Which one of the following water sprinkler system elements consists of fire-activated devices? a. Water supply b. Water heads c. Water control valves d. Alarm system
Water heads A water sprinkler system consists of the following elements: water supply, fire-activated sprinkler devices (heads), water control valves, and a mechanism to activate the audible alarm system.
Which of the following is the most commonly used sprinkler system? a. Wet-pipe systems b. Dry-pipe system c. Carbon dioxide system d. Halon system
Wet-pipe systems Wet-pipe systems are the most commonly used an are applicable when freezing is no threat to its operation. The next most popular one is the dry-pipe. The carbon dioxide system is dangerous to people's health and the Halon system cannot be used anymore due to a halt in Halon production.