1 / 36

Physical Security

Physical Security. CISSP Review Gonzalo Espinosa, CISSP, CISM. Overview. The Physical Security domain address the threats, vulnerabilities, and countermeasures which can be utilized to physically protect an enterprise’s resources and sensitive information.

Download Presentation

Physical Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Physical Security CISSP Review Gonzalo Espinosa, CISSP, CISM

  2. Overview • The Physical Security domain address the threats, vulnerabilities, and countermeasures which can be utilized to physically protect an enterprise’s resources and sensitive information. • These resources include people, the facility in which they work, and the data, and the data, equipment, support systems, media and supplies they utilize.

  3. Overview • The candidate will be expected to know the elements involved in • Choosing a secure site • Its design and configuration, and the methods for securing the facility against unauthorized access • Theft of equipment and information, and • The environmental and safety measures needed to protect • People • The facility, and • Its resources

  4. 1. Which of the following should be the first step to be performed prior to installing cable wires in a computer center facility? a) Implement physical security controls b) Test the cables c) Check with local building codes d) Label the cables

  5. Choice (c) is the correct answer. Prior to any wiring installation it is good to contact the official local building code standard sources and people to ensure that the plant cable plant is consistent with electrical and fire codes. This is to protect the safety and security of the facility

  6. 2. Which of the following is the most costly countermeasure to reducing physical security risks? a) Procedural controls b) Hardware devices c) Electronic systems d) Personnel

  7. Choice (d) is the correct answer. Personnel such as security guards are the greatest expense due to direct salaries plus fringe benefits paid to them. It is good to use people only in those areas where procedural controls, hardware devices, or electronic systems can not be utilized at all or cannot be utilized more effectively. Procedural controls are generally the least expensive such as logging visitors and recording temperatures. They could be manual or automated, where the latter can be expensive. Hardware devices can include locks, keys, fences, gates, document shredders, vaults, barricades, etc. Electronic systems can include access controls, alarms, CCTV, detectors, etc.

  8. 3. Which of the following should be considered as delaying devices in physical security? a) Lights b) Safes c) Locks d) Vaults

  9. Choice (c) is the correct answer. Locks are considered as delaying devices only and not bars to entry. The longer it takes to open or break a lock the shorter the patience for an intruder. The idea is that officials will soon be arriving at the place if it takes longer to open a lock. Lights serve as deterrent to violators. Safes provide protection against fire, burglary, and robbery. Vaults are enlarged safe and could be supported by alarm systems.

  10. 4. The “vulnerability of a facility” to damage or attack may be assessed by all of the following except: a) Inspection b) History of losses c) Security Controls d) Security budget

  11. Choice (d) is the correct answer. Examining a security budget cannot reveal much since there is no direct correlation between the budget and the vulnerability. An inspection of the facility by an experienced inspector can reveal the status of the facility and its associated controls. Examination of the facility’s record of losses can reveal how bad the situation is. The degree of security controls installed can reveal whether high-value property is properly safeguarded from theft by insiders or attack by outsiders.

  12. 5. Which of the following is the last line of defense in a physical security? a) Perimeter barriers b) Exterior protection c) Interior barriers d) People

  13. Choice (d) is the correct answer. The perimeter barriers (e.g. fences) are located at the outer edge of property and usually are the first line of defense. The exterior protection such as walls, ceilings, roofs, and floors of buildings themselves are considered the second line of defense. Interior barriers within within the building such as doors and locks are considered the third line of defense. After all the above defenses are failed, the last line of defense would be people, employees working in the building. They should question strangers and others unfamiliar to them.

  14. 6. Which of the following is a safe practice to ensure physical security? a) Deter b) Detect c) Delay d) Deny

  15. Choice (a) is the correct answer. It is preferred to deter attacks against property, whether criminal or not. If not deterred, access to selected areas or properties should be denied. If not denied, attacks that occur should be detected. If not detected in time, attacks should be delayed to allow time for response by authorities.

  16. 7. Fires involving energized electrical equipment are rated as: a) Class A fires b) Class B fires c) Class C fires d) Class D fires

  17. Choice (c) is the correct answer. A classification of fires is based on the nature of the combustibles, relating directly to the efficacy of the extinguishing agents. Four classes are described as follows: Class A: Fires involving ordinary combustible solids (e.g., wood, cloth, paper, rubber, and many plastics) Class B: Fires involving flammable or combustible liquids and flammable gases Class C: Fires involving energized electrical equipment Class D: Fires involving certain combustible materials such as magnesium and sodium

  18. 8. A device or devices which sense(s) vibration or motion is (are) called: a) Vibration detector only b) Seismic detector and vibration detector c) Proximity detector and seismic detector d) Intrusion detector and vibration detector

  19. Choice (b) is the correct answer. A seismic detector is a device which senses vibration or motion and thereby senses a physical attack upon and object or structure. Vibration detector is the same as the seismic detector. A proximity protector is a device which initiates a signal (alarm) when a person or object comes near the protected object. An intrusion detector is a device designed to detect an individual crossing a line or entering an area.

  20. 9. Which of the following represents the upper end of the protection scale against electrical problems (e.g., sags) in a computer center? a) Batteries backup b) Power filters c) Power conditioners d) Uninterruptible power supply

  21. Choice (d) is the correct answer. The order of protection scale from lower end to upper end is as follows: batteries backup, power filters, power conditioners, and uninterruptible power supply (UPS). Battery backup has a short life (that is, low-end protection) compared to the UPS (which has high-end protection). Power filters filter the sags, spikes, and impulse noises. Power conditioners regulate the voltage into the system. UPS can clean up most of the power problems such as spikes, surges, sags, brownouts, blackouts, frequency variations, transient noises, impulse hits.

  22. 10. Which of the following pairs of items create a conflicting situation in a computer center? a) Fire-resistant file cabinets, vital records b) Sprinkler systems, water damage c) Fire detection system, alarms d) Furniture and equipment, noncombustible materials

  23. Choice (b) is the correct answer. Sprinkler systems are desirable if computer room construction contains combustible materials. While sprinklers extinguish fire, extensive water can damage some areas and materials in the room due to use of the sprinkler system. Choice (d) has no conflict because furniture and equipment in a computer room should be constructed of metal or other noncombustible material. Choice (c) has no conflict because fire detection and extinguishing systems should have alarms to signal troubles and to communicate problems to a specific location that is always manned. Choice (a) has no conflict because vital records should be stored in a fire-resistant cabinet file.

  24. 11. Which of the following measures provides a first line of defense against potential risks and threats in a computer center? a) Application security b) Data security c) Physical security d) Telecommunications security

  25. Choice (c) is the correct answer. Physical security measures (e.g., locks and keys) are the first line of defense against potential risks and exposures; and are mostly hardware-related. The securities listed in the other three choices are mostly software-related.

  26. 12. The least important factor to be considered when selecting an uninterruptible power system is: a) Fuel options b) Electrical load c) Battery duration d) Physical space

  27. Choice (a) is the correct answer. The selection of an uninterruptible power system is governed by three factors: electrical load, battery duration, and physical space. The electrical load represents the capacity for the UPS to supply power to the equipment properly. The battery duration is simply how long the UPS is supposed to support the equipment. Physical space will be required by any UPS. Fuel options, whether to use diesel or natural gasoline, can be considered at a later point in the decision making process.

  28. 13. Which of the following is a proper in a computer room? a) Smoke detection equipment shuts down the wet pipe equipment. b) Smoke detection equipment shuts down the air conditioning equipment. c) Smoke detection equipment shuts down the preaction pipe equipment. d) Smoke detection equipment shuts down the water pipe equipment.

  29. Choice (b) is the correct answer. The smoke detection system should shut down the air conditioning equipment. Similarly, an emergency power shutdown should include shutting down the air conditioning system. The reason being that when there is a smoke or power loss, the air conditioning equipment should be turned off so people do not inhale smoke.

  30. 14. All of the following are proper places for installing smoke detectors exept: a) In the ceiling of a building b) Under the raised floor c) In air return ducts of a building d) In water drains on the floor

  31. Choice (d) is the correct answer. For maximum use and benefit, smoke detectors should be installed in the ceiling, under the raised floor, or in air return ducts. Choices (a, b, and c) are proper places. Putting a smoke detector in water drains on the floor is improper.

  32. 15. Which of the following is the best place for sounding an alarm coming from a computer room? a) At a local station b) At a security guard station c) At a central station d) At a fire or police station

  33. Choice (d) is the correct answer. The best place for sounding an alarm coming from a computer room is at a fire or police station due to immediate action taken. There can be a delay at the other choices.

  34. 16. Electronic surveillance and wiretapping has increased due to which of the following? a) Telephone lines b) Bugging techniques c) Microchip technology d) Surveillance equipment

  35. Choice (c) is the correct answer. Miniaturization has greatly aided spying. With advances in microchip technology, transmitters can be so small as to be enmeshed in wallpaper, inserted under a stamp, or placed on the head of a nail.

  36. Physical Security CISSP Review Gonzalo Espinosa, CISSP, CISM

More Related