CISSP Quiz: Physical And Environmental Security!

1. Personal identity verification systems which use hand or fingerprint, handwriting, eye pattern, voice, face, or any other physical characteristics for authentication is

Biometric devices

Technological systems

Phyiometric devices

Physical analysis devices

Biometric devices rely on measurements of biological characteristics of an individual, such as a fingerprint, hand geometry, voice, or iris patterns.

Explanation

Biometric devices rely on measurements of biological characteristics of an individual, such as a fingerprint, hand geometry, voice, or iris patterns.

2. What is the primary objective of controlling entry into a facility or area?

Provide time management controls for all employees

Ensure that only authorized persons are allowed to enter

Keep potential hazards and contraband material out that could be used tocommit sabotage.

Identification purposes

The primary function of an access control system (ACS) is to ensure that only authorized personnel are permitted inside the controlled area. This can also include the regulation and flow of materials into and out of specific areas. Persons subject to control can include employees, visitors, customers, vendors, and the public. Access control measures should be different for each application to fulfill specific security, cost, and operational objectives.

Explanation

The primary function of an access control system (ACS) is to ensure that only authorized personnel are permitted inside the controlled area. This can also include the regulation and flow of materials into and out of specific areas. Persons subject to control can include employees, visitors, customers, vendors, and the public. Access control measures should be different for each application to fulfill specific security, cost, and operational objectives.

3. What are the elements of a physical protection system?

Determine, direct, dispatch, and report

Deter, detect, delay, and response

Display, develop, initiate, and apprehend

Evaluate, determine, dispatch, and detain

A well-designed system provides protection-in-depth, minimizes the consequences of component failures, and exhibits balanced protection. The system itself typically has some elements that fall into the essence of deter–detect—delay–respond.

Explanation

A well-designed system provides protection-in-depth, minimizes the consequences of component failures, and exhibits balanced protection. The system itself typically has some elements that fall into the essence of deter–detect—delay–respond.

4. Businesses face new and complex physical security challenges across the full spectrum of operations. Although security technologies are not the answer to all organizational security problems, if applied appropriately what will they provide?

Reducing electrical costs

Th ey can enhance the security envelope and in the majority of cases willsave the organization money

Government tax incentives for increased physical protection systems

Increased capital value of property with high-tech integrated technologies

These days, all businesses face new and complex physical security challenges across the full spectrum of operations. Although security technologies are not the answer to all organizational security problems, if applied appropriately, they can enhance the security envelope and, in the majority of cases, will save the organization money.

Explanation

These days, all businesses face new and complex physical security challenges across the full spectrum of operations. Although security technologies are not the answer to all organizational security problems, if applied appropriately, they can enhance the security envelope and, in the majority of cases, will save the organization money.

5. When using a piece of portable computing equipment or media, regardless of whether it is being used inside the facility or is being removed for legitimate business outside of the facility, simple protection methods need to be employed to maintain the equipment's security. These consist of __________________.

Cable locks, encryption, password protection, and increased awareness

Reducing vulnerability by protecting, off setting, or transferring the risk

Operational readiness, physical protection systems, and standard operatingprocesses

Increase awareness, environmental design, and physical security

When using a piece of portable computer equipment or media, regardless if it is being used inside the facility or is being removed for legitimate business outside of the facility, simple protection methods need to be employed to maintain the security of the equipment: use a cable lock, do not leave the equipment unattended or unsecured, use strong passwords, and encrypt data.

Explanation

When using a piece of portable computer equipment or media, regardless if it is being used inside the facility or is being removed for legitimate business outside of the facility, simple protection methods need to be employed to maintain the security of the equipment: use a cable lock, do not leave the equipment unattended or unsecured, use strong passwords, and encrypt data.

6. Physical security is applied by using physical protective measures to prevent or minimize theft, unauthorized access, or destruction of property.

Layers

Methods

Varieties

Types

The primary goal of a physical protection program is to control access into the facility. In the concept of defense-in-depth, barriers are arraigned in layers, with the level of security growing progressively higher as one comes closer to the center or the highest protective area. Defending an asset with a multiple postures can reduce the likelihood of a successful attack; if one layer of defense fails, another layer of defense will hopefully prevent the attack, and so on.

Explanation

The primary goal of a physical protection program is to control access into the facility. In the concept of defense-in-depth, barriers are arraigned in layers, with the level of security growing progressively higher as one comes closer to the center or the highest protective area. Defending an asset with a multiple postures can reduce the likelihood of a successful attack; if one layer of defense fails, another layer of defense will hopefully prevent the attack, and so on.

7. What crime reduction technique is used by architects, city planners, landscapers, interior designers, and security professionals with the objective of creating a physical environment that positively influences human behavior?

Asset protection and vulnerability assessments

Reducing vulnerability by protecting, off setting, or transferring the risk

Crime prevention through environmental design

Instituting employee screening and workplace violence programs

Crime prevention through environmental design (CPTED) is a crime reduction technique that has several key elements applicable to the analysis of the building function and site design against physical attack. It is used by architects, city planners, landscapers, interior designers, and security professionals with the objective of creating a climate of safety in a community by designing a physical environment that positively influences human behavior.

Explanation

Crime prevention through environmental design (CPTED) is a crime reduction technique that has several key elements applicable to the analysis of the building function and site design against physical attack. It is used by architects, city planners, landscapers, interior designers, and security professionals with the objective of creating a climate of safety in a community by designing a physical environment that positively influences human behavior.

8. CCTV technologies make possible four distinct yet complementary functions. Th e first is a visual assessment of an alarm or other event. This permits the operator to assess the nature of the alarm before initiating a response. What are the other three functions of CCTV?

Surveillance, deterrence, and evidentiary archives

Intrusion detection, response, and remediation

Optical, lighting, and safety

Monitoring, inspection, and response

Uses of CCTV systems for security services include several diff erent functions: surveillance, assessment, deterrence, and evidentiary archives.

Explanation

Uses of CCTV systems for security services include several diff erent functions: surveillance, assessment, deterrence, and evidentiary archives.

9. A vulnerability assessment tour of a facility is designed to gather information regarding the general layout of the facility, the location of key assets, information about facility operations and production capabilities, and locations and types of physical protection systems. During this tour and subsequent tours the assessment of any vulnerability of a facility or building should be done

Determining where all the fi re exits are located

Within the context of the defi ned threats and the value of the organization’sassets

Counting the number of employees within the facility

Determining the structural strength of the perimeter walls

The assessment of any facility or building's vulnerability should be done within the context of the defined threats and the value of the organization’s assets. Each element of the facility should be analyzed for vulnerabilities to each threat, and a vulnerability rating should be assigned. A vulnerability assessment may change the value rating of assets due to identifying critical nodes or some other factor that makes the organization’s assets more valuable.

Explanation

The assessment of any facility or building's vulnerability should be done within the context of the defined threats and the value of the organization’s assets. Each element of the facility should be analyzed for vulnerabilities to each threat, and a vulnerability rating should be assigned. A vulnerability assessment may change the value rating of assets due to identifying critical nodes or some other factor that makes the organization’s assets more valuable.

10. Designing a new building to mitigate threats is simpler and more cost-effective than retrofitting an existing building. Important security benefits are achieved not by hardware and electronic devices but by shrewd site selection, proper placement of the building on the site, and careful location of the building occupants and functions to minimize exposure to the threat. These factors also have the benefit of reducing operating expenses over the lifetime of the building. An obvious example of this is planning for:

Limiting the number of entrances to the site that must be monitored,staffed and protected

Reducing the cost associated with energy needs in providing the physicalprotection system

Giving employees easy access to the facility without their knowledge of thesecurity components used in monitoring their activities

Blast reinforcement fi lm on all perimeter windows

Gates exist to facilitate and control access. Gates need to be controlled to ensure that only authorized persons and vehicles pass through. It is best to minimize the number of gates and access points because any opening is always a potential vulnerability. Each gate requires resources whether it uses electronic access control or a guard. The fewest number of entry points, the better the control of the facility.

Explanation

Gates exist to facilitate and control access. Gates need to be controlled to ensure that only authorized persons and vehicles pass through. It is best to minimize the number of gates and access points because any opening is always a potential vulnerability. Each gate requires resources whether it uses electronic access control or a guard. The fewest number of entry points, the better the control of the facility.

11. Th e strategy of forming layers of protection around an asset or facility is known as

Secured perimeter

Defense-in-depth

Reinforced barrier deterrent

Reasonable asset protection

In the concept of defense-in-depth, barriers are arraigned in layers with the level of security growing progressively higher as one comes closer to the center or the highest protective area. Defending an asset with a multiple postures can reduce the likelihood of a successful attack; if one layer of defense fails, another layer of defense will hopefully prevent the attack, and so on.

Explanation

In the concept of defense-in-depth, barriers are arraigned in layers with the level of security growing progressively higher as one comes closer to the center or the highest protective area. Defending an asset with a multiple postures can reduce the likelihood of a successful attack; if one layer of defense fails, another layer of defense will hopefully prevent the attack, and so on.

12. Which security control is most effective in curtailing and preventing "piggybacking" or "tailgating" as a means of unauthorized access?

Cameras

Turnstiles

Keys

Identification badges

A common and frustrating loophole in an otherwise secure access control systems can be the ability of an unauthorized person to follow through a checkpoint behind an authorized person, called “piggybacking” or “tailgating.” One solution is an airlock-style arrangement called a mantrap, in which a person opens one door and waits for it to close before the next door opens. Another available system is a turnstile, which can be used as a supplemental control to assist a guard or receptionist while controlling access into a protected area.

Explanation

A common and frustrating loophole in an otherwise secure access control systems can be the ability of an unauthorized person to follow through a checkpoint behind an authorized person, called “piggybacking” or “tailgating.” One solution is an airlock-style arrangement called a mantrap, in which a person opens one door and waits for it to close before the next door opens. Another available system is a turnstile, which can be used as a supplemental control to assist a guard or receptionist while controlling access into a protected area.

13. What would be the most appropriate interior sensor used for a building that has windows along the ground floor?

Infrared glass-break sensor

Ultrasonic glass-break sensors

Acoustic and shock wave glass-break sensors

Volumetric sensors

Glass-break sensors are a good intrusion detection device for buildings with a lot of glass windows and doors with glass panes. The use of dual-technology glass break sensors—acoustic and shock wave—is most effective. The reason is that if the only acoustic is used and an employee pulls the window blinds up, it can set off a false alarm; but if it is set to a dual-alarm system both acoustic and shock sensors will need to be activated before an alarm is triggered.

Explanation

Glass-break sensors are a good intrusion detection device for buildings with a lot of glass windows and doors with glass panes. The use of dual-technology glass break sensors—acoustic and shock wave—is most effective. The reason is that if the only acoustic is used and an employee pulls the window blinds up, it can set off a false alarm; but if it is set to a dual-alarm system both acoustic and shock sensors will need to be activated before an alarm is triggered.

14. All visitors entering the facility should sign in and out on a visitor's log, whether a pen and paper system or a computer-based system, to maintain accountability of who is in the facility. This system is also established for what other reasons?

For the purpose of detection, accountability, and the necessity for response

Access control and surveillance

Timeframe of the visit, who was visited, and in the case of an emergencyhave accountability of everyone for safety purposes

For planning assessment and the requirements of proper designation

All visitors entering the facility should sign in and out on a visitor’s log to maintain accountability of who is in the facility, the timeframe of the visit, who they visited, and in the case of an emergency have the accountability of everyone for safety purposes.

Explanation

All visitors entering the facility should sign in and out on a visitor’s log to maintain accountability of who is in the facility, the timeframe of the visit, who they visited, and in the case of an emergency have the accountability of everyone for safety purposes.

15. The key to a successful physical protection system is the integration of:

People, procedures, and equipment

Technology, risk assessment, and human interaction

Protecting, off setting, and transferring risk

Detection, deterrence, and response

The key to a successful system is the integration of people, procedures, and equipment into a system that protects the targets from the threat. A well-designed system provides protection-in-depth, minimizes the consequences of component failures, and exhibits balanced protection.

Explanation

The key to a successful system is the integration of people, procedures, and equipment into a system that protects the targets from the threat. A well-designed system provides protection-in-depth, minimizes the consequences of component failures, and exhibits balanced protection.

16. What would you call a comprehensive overview of a facility to include physical security controls, policy, procedures, and employee safety?

Availability assessment

Security survey

Budgetary and financial performance

Defense-in-depth

Before any project begins there must be an assessment made in order to put together an operational plan and a practical approach to securing the facility. This security assessment can also be called a security survey, vulnerability assessment, or risk analysis.

Explanation

Before any project begins there must be an assessment made in order to put together an operational plan and a practical approach to securing the facility. This security assessment can also be called a security survey, vulnerability assessment, or risk analysis.

17. What are the means of protecting the physical devices associated with the alarm system through line supervision, encryption, or tamper alarming of enclosures and components?

Tamper protection

Target hardening

Security design

UL 2050

Tamper protection is the means of protecting the physical devices associated with the alarm system through line supervision, encryption or tamper alarming of enclosures and components.

Explanation

Tamper protection is the means of protecting the physical devices associated with the alarm system through line supervision, encryption or tamper alarming of enclosures and components.

18. Security lighting for CCTV monitoring generally requires at least 1 to 2 footcandles (FC) of illumination. What is the required lighting needed for safety considerations in perimeter areas such as parking lots or garages?

3 fc

5 fc

7 fc

10 fc

Lights used for CCTV monitoring generally require at least one to two footcandles of illumination, whereas the lighting needed for safety considerations in exterior areas such as parking lots or garages substantially greater (at least 5 fc).

Explanation

Lights used for CCTV monitoring generally require at least one to two footcandles of illumination, whereas the lighting needed for safety considerations in exterior areas such as parking lots or garages substantially greater (at least 5 fc).

19. To successfully complete a vulnerability assessment, it is critical that protection systems are well understood. This objective includes

Threat definition, target identification, and facility characterization

Threat definition, conflict control, and facility characterization

Risk assessment, threat identifi cation, and incident review

Threat identification, vulnerability appraisal, and access review

In the beginning, a good assessment requires the security professional to determine specific protection objectives. These objectives include threat definition, target identification, and facility characteristics.

Explanation

In the beginning, a good assessment requires the security professional to determine specific protection objectives. These objectives include threat definition, target identification, and facility characteristics.

20. Laminated glass is made from two sheets of ordinary glass bonded to a middle layer of resilient plastic. It may crack when it is struck, but the pieces of glass tend to stick to the plastic inner material. This glass is recommended in what type of locations?

All exterior glass windows

Interior boundary penetration and critical infrastructure facility

Street-level windows, doorways, and other access areas

Capacitance proximity, intrusion detection locations, and boundary penetrationsites

Laminated glass is recommended for installation in street-level windows, doorways, and other access areas.

Explanation

Laminated glass is recommended for installation in street-level windows, doorways, and other access areas.