CH19 Physical Security
15. You are a security administrator tasked with determining the expected losses a media firm may incur in the event of a fire. You estimate the firm could expect to lose half of its assets, equal to $10 million. You also determine that the likelihood of a fire occurring is once every 10 years. What is the annual loss expectancy (ALE)? A. Loss of $500,000 B. Loss of $1,000,000 C. Gain of $250,000 D. Loss of $250,000
A. Loss of $500,000
11. Cipher locks, mantraps, and bollards are considered what? A. Physical controls B. Technical controls C. Crime prevention through environmental design D. Physical barriers
A. Physical controls
5. In the field of IT security, the concept of defense in depth is the layering of more than one control on another. Why is this? A. To provide better protection B. To build dependency among layers C. To increase logging ability D. To satisfy auditors
A. To provide better protection
13. An 8-foot-tall fence with razor wire stranded on top is considered what type of measure? A. A deterrent measure B. A preventative measure C. A corrective measure D. An industrial measure
B. A preventative measure
2. Which of the following is a detective control when not used in real time? A. Fences B. Alarms C. CCTV D. Locks
B. Alarms
4. Which intrusion prevention system can be used in conjunction with fences? A. Infrared wave pattern B. Bollards C. Audio D. PIDAS
B. Bollards
10. Which of the following is a characteristic of USB flash drives that makes security a problem? A. Encrypted B. Easily hidden C. Portable D. Slow
B. Easily hidden
6. Which type of biometric system is frequently found on laptops but can be used on entryways as well? A. Retina B. Fingerprint C. Iris D. Voice recognition
B. Fingerprint
8. What is a type of combination lock? A. Key lock B. Card lock C. Cipher lock D. Trucker lock
C. Cipher lock
9. What mechanism is intended to deter theft of hard drives? A. Locks B. Backups C. Encryption D. Size
C. Encryption
12. Which of the following is considered an administrative control? A. Biometric device B. Mantrap C. Security policy D. Access control list
C. Security policy
1. Physical security can prevent which of the following? A. DDoS B. FTP C. Tailgating D. Cracking
C. Tailgating
7. Which of the following could be considered required components of an alarm system? A. A visual alerting method B. An audio alerting method C. Automatic dialup D. Both A and B
D. Both A and B
3. Which of the following is a good defense against tailgating and piggybacking? A. Cameras B. Guards C. Turnstiles D. Mantraps
D. Mantraps
14. What is the name given for the device component physically located on the motherboard that stores encryption keys for hard drives, preventing an adversary from removing the hard drive and using it on another computer? A. Hard drive encryption B. Crypto-locker C. Hardware Security Module D. Trusted Platform Module
D. Trusted Platform Module