Ethical Hacking 3.2.5
Closed-circuit television can be used as both a preventative tool (to monitor live events) or as an investigative tool (to record events for later playback). Which camera is more vandal-resistant than other cameras? answer A c-mount camera A bullet camera A dome camera A Pan Tilt Zoom camera
A dome camera A dome camera, which is a camera protected with a plastic or glass dome, is more vandal-resistant than other cameras. A c-mount camera has interchangeable lenses and is typically rectangle in shape with the lens on the end. Most c-mount cameras require a special housing to be used outdoors. A Pan Tilt Zoom (PTZ) camera lets you dynamically move the camera and zoom in on specific areas (cameras without PTZ capabilities are manually set looking toward a specific direction). A bullet camera has a built-in lens and is long and round in shape. Most bullet cameras can be used indoors or outdoors.
Which of the following best describes a lock shim? answer A small, angled, and pointed tool. A cut to the number nine position. A thin, stiff piece of metal. When the pins are scraped quickly.
A thin, stiff piece of metal.
Implementing emergency lighting that runs on protected power and automatically switches on when the main power goes off is part of which physical control? answerCorrect Answer: Employee and visitor safety Physical access controls Perimeter barriers Physical access logs
Employee and visitor safety
On her way to work, Angela accidentally left her backpack with a company laptop at the coffee shop. What type of threat has she caused the company? answer Environmental threat Man-made threat External threat Cloud threat
Man-made threat
While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following would you most likely implement to keep this from happening in the future? answer Mantraps Scrubbing Anti-passback Cable locks
Mantraps
The U.S. Department of Commerce has an agency with the goal of protecting organizational operations, assets, and individuals from threats such as malicious cyber-attacks, natural disasters, structural failures, and human errors. Which of the following agencies was created for this purpose? answer NVD CAPEC NIST JPCERT
NIST To protect data from threats and attacks, the U.S. Department of Commerce created the National Institute of Standards and Technology (NIST). NIST has released a special publication referred to as the NIST SP 800-53, which details security controls and assessment procedures that companies and organizations should implement to protect the integrity of their information systems. This document's goal is to protect organizational operations, assets, and individuals from many different kinds of threats, such as malicious cyberattacks, natural disasters, structural failures, and human errors. The National Vulnerability Database (NVD) was originally created in 2000 and is a government-sponsored, detailed database of known vulnerabilities. JPCERT is Japan's CERT organization. It provides security alerts and Japanese Vulnerability Notes (JVN). CAPEC is a dictionary of known patterns of cyberattacks used by hackers.
Which type of attack involves changing the boot order on a PC so that the hacker can gain access to the computer by bypassing the install operating system? answer Opportunistic attack Environmental attack Physical attack Man-made attack
Physical Attack
A person in a dark grey hoodie has jumped the fence at your research center. A security guard has detained this person, denying him physical access. Which of the following areas of physical security is the security guard currently in? answer Physical control Security sequence Security factors Layered defense
Security sequence The security sequence area of physical security should be deployed in the following sequence. If a step in the sequence fails, the next step should implement itself automatically. Deter initial access attempts. Deny direct physical access. Detect the intrusion. Delay the violator to allow for response. When designing physical security, implement a layered defense system. A layered defense system is one in which controls are implemented at each layer to ensure that defeating one level of security does not allow an attacker subsequent access. There are three security factors to keep in mind with physical security: prevention, detection, and recovery. Physical controls are measures you take to physical secure a building, secure the perimeter, and restrict access to only secure entry points.
You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. What could you do to add an additional layer of security to this organization? answer Train the receptionist to keep her iPad in a locked drawer. Require users to use workstation screensaver passwords. Replace the biometric locks with smart cards. Move the receptionist's desk into the secured area.
Train the receptionist to keep her iPad in a locked drawer. In this scenario, the best option is to add an additional layer of security is to train the receptionist to keep her iPad in a locked drawer
mportant aspects of physical security include which of the following? answer Influencing the target's thoughts, opinions, and emotions before something happens. Preventing interruptions of computer services caused by problems such as fire. Implementing adequate lighting in parking lots and around employee entrances. Identifying what was broken into, what is missing, and the extent of the damage.
Preventing interruptions of computer services caused by problems such as fire. Important aspects of physical security include: Restricting physical access to facilities and computer systems. Preventing interruptions of computer services caused by problems such as loss of power or fire. Preventing unauthorized disclosure of information. Disposing of sensitive material. Protecting the interior and exterior of your facility. Detection is identifying what was broken into, what is missing, and the extent of the damage. Preloading is influencing the target's thoughts, opinions, and emotions before something happens. Implement adequate lighting in parking lots and around employee entrances are control measures for employee and visitor safety.Important aspects of physical security include: Restricting physical access to facilities and computer systems. Preventing interruptions of computer services caused by problems such as loss of power or fire. Preventing unauthorized disclosure of information. Disposing of sensitive material. Protecting the interior and exterior of your facility. Detection is identifying what was broken into, what is missing, and the extent of the damage. Preloading is influencing the target's thoughts, opinions, and emotions before something happens. Implement adequate lighting in parking lots and around employee entrances are control measures for employee and visitor safety.
What are the three factors to keep in mind with physical security? answer Detection, prevention, and implementation Detection, implementation, and prevention Prevention, detection, and recovery Implementation, detection, and recovery
Prevention, detection, and recovery
