CISSP Topic 10 - Physical (Environmental) Security


A

A momentary high voltage is a: A. spike B. blackout C. surge D. fault

C

A momentary low voltage, from 1 cycle to a few seconds, is a: A. spike B. blackout C. sag D. fault

D

A momentary power outage is a: A. spike B. blackout C. surge D. fault

B

A prolonged complete loss of electric power is a: A. brownout B. blackout C. surge D. fault

C

A prolonged high voltage is a: A. spike B. blackout C. surge D. fault

A

A prolonged power supply that is below normal voltage is a: A. brownout B. blackout C. surge D. fault

B

According to ISC2, what should be the fire rating for the internal walls of an information processing facility? A. All walls must have a one-hour minimum fire rating. B. All internal walls must have a one-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a two-hour minimum fire rating. C. All walls must have a two-hour minimum fire rating. D. All walls must have a two-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a three-hour minimum fire rating.

A

At which temperature does damage start occurring to magnetic media? A. 100 degrees Fahrenheit or 37.7° Celsius B. 125 degrees Fahrenheit or 51.66° Celsius C. 150 degrees Fahrenheit or 65.5° Celsius D. 175 degrees Fahrenheit or 79.4° Celsius

C

Because ordinary cable introduces a toxic hazard in the event of fire, special cabling is required in a separate area provided for air circulation for heating, ventilation, and air-conditioning (sometimes referred to as HVAC) and typically provided in the space between the structural ceiling and a drop-down ceiling. This area is referred to as the: A. smoke boundary area B. fire detection area C. Plenum area D. Intergen area

D

Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are some of the examples of: A. Administrative controls B. Logical controls C. Technical controls D. Physical controls

A

Crime Prevention Through Environmental Design (CPTED) is a discipline that: A. Outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. B. Outlines how the proper design of the logical environment can reduce crime by directly affecting human behavior. C. Outlines how the proper design of the detective control environment can reduce crime by directly affecting human behavior. D. Outlines how the proper design of the administrative control environment can reduce crime by directly affecting human behavior.

A

Critical areas should be lighted: A. Eight feet high and two feet out. B. Eight feet high and four feet out. C. Ten feet high and four feet out. D. Ten feet high and six feet out.

B

Devices that supply power when the commercial utility power system fails are called which of the following? A. power conditioners B. uninterruptible power supplies C. power filters D. power dividers

D

Electrical systems are the lifeblood of computer operations. The continued supply of clean, steady power is required to maintain the proper personnel environment as well as to sustain data operations. Which of the following is not an element that can threaten power systems? A. Transient Noise B. Faulty Ground C. Brownouts D. UPS

D

Examples of types of physical access controls include all EXCEPT which of the following? A. badges B. locks C. guards D. passwords

D

For maximum security design, what type of fence is the most effective and cost-effective method (feet are used as the unit of measurement below)? A. 3' to 4' high. B. 6' to 7' high. C. 8' high and above with strands of barbed wire. D. Double fencing

A

Guards are appropriate whenever the function required by the security program involves which of the following? A. The use of discriminating judgment B. The use of physical force C. The operation of access control devices D. The need to detect unauthorized access

B

How should a doorway of a manned facility with automatic locks be configured? A. It should be configured to be fail-secure. B. It should be configured to be fail-safe. C. It should have a door delay cipher lock. D. It should not allow piggybacking.

D

In a dry pipe system, there is no water standing in the pipe - it is being held back by what type of valve? A. Relief valve B. Emergency valve C. Release valve D. Clapper valve

D

In the physical security context, a security door equipped with an electronic lock configured to ignore the unlock signals sent from the building emergency access control system in the event of an issue (fire, intrusion, power failure) would be in which of the following configurations? A. Fail Soft B. Fail Open C. Fail Safe D. Fail Secure

B

Physical security is accomplished through proper facility construction, fire and water protection, anti-theft mechanisms, intrusion detection systems, and security procedures that are adhered to and enforced. Which of the following is not a component that achieves this type of security? A. Administrative control mechanisms B. Integrity control mechanisms C. Technical control mechanisms D. Physical control mechanisms

D

The "vulnerability of a facility" to damage or attack may be assessed by all of the following except: A. Inspection B. History of losses C. Security controls D. Security budget

C

The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to? A. Illuminated at nine feet high with at least three foot-candles B. Illuminated at eight feet high with at least three foot-candles C. Illuminated at eight feet high with at least two foot-candles D. Illuminated at nine feet high with at least two foot-candles

B

The Physical Security domain focuses on three areas that are the basis for physically protecting an enterprise's resources and sensitive information. Which of the following is not one of these areas? A. Threats B. Countermeasures C. Vulnerabilities D. Risks

C

The environment that must be protected includes all personnel, equipment, data, communication devices, power supply and wiring. The necessary level of protection depends on the value of the data, the computer systems, and the company assets within the facility. The value of these items can be determined by what type of analysis? A. Critical-channel analysis B. Covert channel analysis C. Critical-path analysis D. Critical-conduit analysis

B

The ideal operating humidity range is defined as 40 percent to 60 percent. High humidity (greater than 60 percent) can produce what type of problem on computer parts? A. Static electricity B. Corrosion C. Energy-plating D. Element-plating

A

The ideal operating humidity range is defined as 40 percent to 60 percent. Low humidity (less than 40 percent) can produce what type of problem on computer parts? A. Static electricity B. Electro-plating C. Energy-plating D. Element-plating

A

The main risks that physical security components combat are all of the following EXCEPT: A. SYN flood B. physical damage C. theft D. Tailgating

B

The most prevalent cause of computer center fires is which of the following? A. AC equipment B. Electrical distribution systems C. Heating systems D. Natural causes

B

The viewing of recorded events after the fact using a closed-circuit TV camera is considered a: A. Preventative control B. Detective control C. Compensating control D. Corrective control

C

To be in compliance with the Montreal Protocol, which of the following options can be taken to refill a Halon flooding system in the event that Halon is fully discharged in the computer room? A. Order an immediate refill with Halon 1201 from the manufacturer. B. Contact a Halon recycling bank to make arrangements for a refill. C. Order a Non-Hydro chlorofluorocarbon compound from the manufacturer. D. Order an immediate refill with Halon 1301 from the manufacturer.

D

To mitigate the risk of fire in your new data center, you plan to implement a heat-activated fire detector. Your requirement is to have the earliest warning possible of a fire outbreak. Which type of sensor would you select and where would you place it? A. Rate-of-rise temperature sensor installed on the side wall B. Variable heat sensor installed above the suspended ceiling C. Fixed-temperature sensor installed in the air vent D. Rate-of-rise temperature sensor installed below the raised floors

B

Under what conditions would the use of a "Class C" hand-held fire extinguisher be preferable to the use of a "Class A" hand-held fire extinguisher? A. When the fire is in its incipient stage. B. When the fire involves electrical equipment. C. When the fire is located in an enclosed area. D. When the fire is caused by flammable products.

C

Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A extinguisher? A. When the fire involves paper products B. When the fire is caused by flammable products C. When the fire involves electrical equipment D. When the fire is in an enclosed area

A

What are the four basic elements of Fire? A. Heat, Fuel, Oxygen, and Chain Reaction B. Heat, Fuel, CO2, and Chain Reaction C. Heat, Wood, Oxygen, and Chain Reaction D. Flame, Fuel, Oxygen, and Chain Reaction

B

What can be defined as a momentary low voltage? A. Spike B. Sag C. Fault D. Brownout

A

What is a common problem when using vibration detection devices for perimeter control? A. They are vulnerable to non-adversarial disturbances. B. They can be defeated by electronic means. C. Signal amplitude is affected by weather conditions. D. They must be buried below the frost line.

C

What is the minimum static charge able to cause disk drive data loss? A. 550 volts B. 1000 volts C. 1500 volts D. 2000 volts

D

What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters? A. Central station alarm B. Proprietary alarm C. A remote station alarm D. An auxiliary station alarm

D

What physical characteristic does a retinal scan biometric device measure? A. The amount of light reaching the retina B. The amount of light reflected by the retina C. The pattern of light receptors at the back of the eye D. The pattern of blood vessels at the back of the eye

A

Which fire class can water be most appropriate for? A. Class A fires B. Class B fires C. Class C fires D. Class D fires

A

Which is the last line of defense in a physical security sense? A. people B. interior barriers C. exterior barriers D. perimeter barriers

D

Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST accepted by users? A. Palm Scan B. Hand Geometry C. Fingerprint D. Retina scan

B

Which of the following controls related to physical security is not an administrative control? A. Personnel controls B. Alarms C. Training D. Emergency response and procedures

D

Which of the following fire extinguishing systems incorporating a detection system is currently the most recommended water system for a computer room? A. Wet pipe B. Dry pipe C. Deluge D. Preaction

C

Which of the following floors would be most appropriate to locate information processing facilities in a 6-story building? A. Basement B. Ground floor C. Third floor D. Sixth floor

A

Which of the following is NOT a precaution you can take to reduce static electricity? A. power line conditioning B. anti-static sprays C. maintain proper humidity levels D. anti-static flooring

A

Which of the following is NOT a system-sensing wireless proximity card? A. magnetically striped card B. passive device C. field-powered device D. transponder

A

Which of the following is NOT a type of motion detector? A. Photoelectric sensor B. Passive infrared sensor C. Microwave sensor D. Ultrasonic sensor

B

Which of the following is NOT a guideline necessary to enhance security in the critical Heating Ventilation Air Conditioning (HVAC) aspect of facility operations? A. Restrict access to main air intake points to persons who have a work-related reason to be there B. Maintain access rosters of maintenance personnel who are not authorized to work on the system C. Escort all contractors with access to the system while on site D. Ensure that all air intake points are adequately secured with locking devices

A

Which of the following is a class A fire? A. common combustibles B. liquid C. electrical D. Halon

A

Which of the following is a class C fire? A. electrical B. liquid C. common combustibles D. soda acid

B

Which of the following is a proximity identification device that does not require action by the user and works by responding with an access code to signals transmitted by a reader? A. A passive system sensing device B. A transponder C. A card swipe D. A magnetic card

A

Which of the following is currently the most recommended water system for a computer room? A. preaction B. wet pipe C. dry pipe D. deluge

B

Which of the following is electromagnetic interference (EMI) that is noise from the radiation generated by the difference between the hot and ground wires? A. traverse-mode noise B. common-mode noise C. crossover-mode noise D. transversal-mode noise

C

Which of the following is not a physical control for physical security? A. lighting B. fences C. training D. facility construction materials

A

Which of the following is not an EPA-approved replacement for Halon? A. Bromine B. Inergen C. FM-200 D. FE-13

D

Which of the following is related to physical security and is not considered a technical control? A. Access control Mechanisms B. Intrusion Detection Systems C. Firewalls D. Locks

D

Which of the following is the most costly countermeasure to reducing physical security risks? A. Procedural Controls B. Hardware Devices C. Electronic Systems D. Security Guards

A

Which of the following is the preferred way to suppress an electrical fire in an information center? A. CO2 B. CO2, soda acid, or Halon C. water or soda acid D. ABC Rated Dry Chemical

C

Which of the following is true about a "dry pipe" sprinkler system? A. It is a substitute for carbon dioxide systems. B. It maximizes chances of accidental discharge of water. C. It reduces the likelihood of the sprinkler system pipes freezing. D. It uses less water than "wet pipe" systems.

B

Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring? A. Wave pattern motion detectors B. Capacitance detectors C. Field-powered devices D. Audio detectors

B

Which of the following questions is less likely to help in assessing physical access controls? A. Does management regularly review the list of persons with physical access to sensitive facilities? B. Is the operating system configured to prevent circumvention of the security software and application controls? C. Are keys or other access devices needed to enter the computer room and media library? D. Are visitors to sensitive areas signed in and escorted?

C

Which of the following questions is less likely to help in assessing physical and environmental protection? A. Are entry codes changed periodically? B. Are appropriate fire suppression and prevention devices installed and working? C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information? D. Is physical access to data transmission lines controlled?

D

Which of the following statements pertaining to air conditioning for an information processing facility is correct? A. The AC units must be controllable from outside the area. B. The AC units must keep negative pressure in the room so that smoke and other gases are forced out of the room. C. The AC units must be on the same power source as the equipment in the room to allow for easier shutdown. D. The AC units must be dedicated to the information processing facility.

D

Which of the following statements pertaining to fire suppression systems is TRUE? A. Halon is today the most common choice as far as agents are concerned because it is highly effective in the way that it interferes with the chemical reaction of the elements within a fire. B. Gas masks provide an effective protection against use of CO2 systems. They are recommended for the protection of the employees within data centers. C. CO2 systems are NOT effective because they suppress the oxygen supply required to sustain the fire. D. Water-based extinguishers are NOT an effective fire suppression method for class C (electrical) fires.

B

Which of the following statements pertaining to secure information processing facilities is incorrect? A. Walls should have an acceptable fire rating. B. Windows should be protected with bars. C. Doors must resist forcible entry. D. Location and type of fire suppression systems should be known.

A

Which of the following suppresses combustion by disrupting a chemical reaction, and by doing so kills the fire? A. Halon B. CO2 C. water D. soda acid

B

Which of the following types of lock uses a numeric keypad or dial to gain entry? A. Bolting door locks B. Cipher lock C. Electronic door lock D. Biometric door lock

C

Which type of fire extinguisher is most appropriate for a digital information processing facility? A. Type A B. Type B C. Type C D. Type D

B

When referring to Physical Security, what does positive pressurization mean? A. The pressure inside your sprinkler system is greater than zero. B. The air goes out of a room when a door is opened and outside air does not go into the room. C. Causes the sprinkler system to go off. D. A series of measures that increase pressure on employees in order to make them more productive.

A

Within Crime Prevention Through Environmental Design (CPTED), the concept of territoriality is best described as: A. Ownership B. Protecting specific areas with different measures C. Localized emissions D. Compromise of the perimeter

