Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
96 Cards in this Set
- Front
- Back
at a strategic (Corp) level, the challenges for the information security professiona lincude:
|
understanding the discipline of PHysical security and building effect working relationships with thos who manage environmental and physical security
|
|
objective of physical, environment and procedural security
|
CIA
|
|
T/F physical threats include environmental conditions
|
True
|
|
three basic threat types:
|
1) Natural/environmental
2) threats from utility systems 3) man-made and political threats |
|
water leakage, humidity, dust, excessive high/low temps, power fluctuations/loss
|
environmental threats
|
|
75 percent of all attacks by insiders are
|
accidental
|
|
main aim of physical and procedural security is to
|
integrate w/ technical system security proving defense in depth
|
|
furthest physical extent that the organization can control
|
outermost perimeter
|
|
areas withing that require some add'l form of protection
|
inner permeter
|
|
areas such as suites or rooms
|
restricted areas
|
|
benefits of using existing measures in a new security strategy includes:
|
cost-effectiveness, any problem have been id'd and theh provied visible deterrent
|
|
Defense in depth adresses what four aims:
|
1) id and authentication individual w/ physical acces to tne enviroment
2) authorizing those indidivuals 3) monitoring ana accounting for action w/in the env 4) proving a contingency capability in the env |
|
ways to minimize turnover at guard posts
|
1) specific post orders, performance metrics and reasonable wages
|
|
rooms requiring special attn
|
central suit, comm center, server rooms
|
|
procedural controls for offices may include:
|
clear desk procedures
purching of storage media on fax, photocopier and telephone voice mail facilities end of day security checks |
|
countermeasure for water leakage and floodign
|
Emergency Power off (EPO)
|
|
Common types of fire and smok detection systems include:
|
ionization (charged smoke particles)
photoelectric (blockage of light by smoke) heat |
|
class fire estinguisher for paper, wood & laminates
|
Class A
|
|
Fire extinguisher for liquids. Usses gas or soda acid
|
Class B
|
|
Fire extinguisher for electrical equipment including wiring. uses gas
|
Class C
|
|
Fire extinguisher for combustible metals uses dry powder
|
Class D
|
|
Fire extinguisher for commercial kitchens
|
Class K
|
|
how to mitigate risk of fire suppression to h/w
|
- ensure systems are segregated by zone
- time delay before water |
|
considerations for walls,fences,barriers
|
- see all parts of barrier (CCTV, guard, other means)
- ensure lanscaping doesn't impede LoS - chain -link fence is properly taught - combo of barrier types |
|
Personnel barriers include
|
turnstiles and mantraps
|
|
factor for determining type of access control to use at personnel barriers
|
- # staff who need to pass at peak times
- swift exit in event of a fire |
|
most vulnerable type of locking system
|
Key and deadbolt (due to lost/stolen key)
|
|
type of locks that can be used to permin only authorized individual to gain access and can be programmed to limit certain times
|
smart locks
|
|
T/F smart lock use a central database
|
false
|
|
NVR
|
network video recorder
|
|
DVR
|
digital video recorder
|
|
type of IDS using foid or wire contact placed across dor or window frames..triggers when broken
|
electrical circuit
|
|
IDS using photoelectric cell that receives a small light source across the secure boundary..
|
Light beam
|
|
IDS measuring light energy w/in a physical range
|
Passive Infrared Detector (PIR)
|
|
IDS producuing and monitoring either a measure of distance or an acoustic energy patter
|
Microwave and ultrasonic
|
|
Procedural and physical security measures for laptops may include:
|
Carrying them in unmarked bags or briefcases
Transporting the hard disk separately from the laptop tamper detecction measures, tracing software or invisible marking systems protecting against illicit access w/ tokens Full disk encryption |
|
how to ensure combinations and PIN are changed on prescribed frequency/as ppl join & leave
|
Make records of people with access
|
|
aside from regular frequency, when should audits of physical security take place
|
when any significant breach of security or change in the risk, working practices, physical infrastructure indicates this may be needed
|
|
1. Which of these statements best describes the concept of defense in depth or the layered
defense model? |
A combination of complementary countermeasures
|
|
2. Sprinkler systems to defeat a fire outbreak may include either a dry pipe or wet pipe
mechanism. Which of these statements is not true of a dry pipe mechanism? |
It uses gas or powder, rather than a fluid, to choke the fire.
|
|
3. The geographical location of the site may affect the security requirement if it:
a. May be vulnerable to natural disaster (e.g., a floodplain) b. Lacks adequate access for, or the logistical support of, emergency services c. Experiences crime, including burglary, vandalism, street crime, and arson d. All of the above |
d. All of the above
|
|
4. Which of these infrastructure features would most likely present a physical vulnerability for an
information system? a. Fire escapes, including external and internal stairways b. The information security architecture c. The corporate compliance policy d. The internal telephone network |
a. Fire escapes, including external and internal stairways
|
|
Which one of these would be the principal practical benefit of utilizing existing physical or
procedural measures in an information system's security strategy? |
b. They are already tried, tested, and accepted by staff.
|
|
6. Which one of these is least likely to provide a physical security barrier for a system?
a. External site perimeter b. Protected zones (e.g., a floor or suite of rooms) within a building c. Communications channels d. Office layout |
c. Communications channels
|
|
7. Which of these is a procedural (rather than an administrative or technical) control?
a. System logging b. Purging storage media on, e.g., fax, photocopier, or voice mail facilities c. Developing a system security policy d. Configuring a firewall rule base |
b. Purging storage media on, e.g., fax, photocopier, or voice mail facilities
|
|
8. Which of these is not a common type of fire/smoke detection system?
a. Ionization b. Photoelectric c. Heat d. Movement |
d. Movement
|
|
9. Which one of these fire extinguisher classes is most appropriate for controlling fires in electrical
equipment or wiring? |
c. Class C
|
|
10. Which one of these is the strongest form of protective window glass?
|
d. Embedded wire mesh
|
|
11. Which one of these physical intruder detection systems reacts to fluctuations of ambient light
energy within its range? |
c. Passive infrared detector (PIR)
|
|
12. Which one of these physical locking devices requires the knowledge of a set of numbers and a
rotation sequence to achieve access? |
b. Combination lock
|
|
13. Which one of these is the most critical aspect of ensuring the effectiveness of a CCTV system?
|
c. Monitoring of and reaction to camera feeds
|
|
14. In terms of physical security, which one of these is the best measure to prevent loss of data in a
mobile computing scenario? a. Carry the laptop in an unmarked bag or briefcase. b. Carry the laptop's hard disk separately from the laptop. c. Use tamper detection measures or tracing software. d. Restrict access via tokens, such as smart cards. |
b. Carry the laptop's hard disk separately from the laptop.
|
|
15. Procedural security measures often fail because staff fail to appreciate why they should use
them. Which one of these measures may best address this? |
b. Security training and awareness
|
|
what are the elements of a physical protoection system?
|
deter, detect, delay respond
|
|
to understand protection systems includes`
|
thread definition, target id, and facility characterization
|
|
laminated glass is made from 2 sheets of oridinary glass bonded to a middle layer of resilient plastic. Where is this recommended for use?
|
street level windows, doorways and other access areas
|
|
the strategy of forming layer of protection
|
defense-in-depth
|
|
crime reduction technique used by architects, city planners, landscapers, interrior designers and security professionals
|
crim prevention through environmental design
|
|
The key to a successful physical protection system is the integration of
|
people, proceedures and equipment
|
|
what is the primary objective of controlling entry into a facility
|
ensuring only authorized access
|
|
Security light for CCTV montiry requires at least 1-2fc of illumnination. What about for parking lots/garages
|
5fc
|
|
what would be the most appropriate interior sensor for a bldg w/ windows along the ground floor
|
acoustic and shock-wave glass-break sensors
|
|
4 functions of CCTV:
|
visual assessment, surveillance, deterrence and evidentiary archives
|
|
business face new and complex physical securiy challenges across the full spectrum of ops. Although security tech are not the anwer to all org security blome, if applied appropriately what will they provide?
|
They can ehnahce the security envelope and int he majority of cass will sve the org money
|
|
what is the means of protectin the physical devices associate with the alarm system through line supervision, encryption or teamper alarming of enclosers and components?
|
Tamper protection
|
|
Fires need what 3 things
|
Fuel, heat, Oxygen
|
|
The most secure kind of door is:
|
mantrap
|
|
Which of the following does not support the goal of clean and steady power?
a) mobile geneators b) dedicated feeders c) surge suppressors d) UPS |
mobile generators
|
|
Inital surge of current req'd when there is an increa in power demand
|
in-rush current
|
|
types of noise
|
EMI and RFI
|
|
Most serious phsycial threat arising from HVAC systems
a) unauthrized human ingress/degress b) noxious fumes circulating through the system c) disease spread thorught eh system d) failure to operate |
failure to operate
|
|
Which of the following types of windows provide the best blast protection?
a) plate class b) tempered c) polycarbonate d) Acrylic |
Polycarbonate
|
|
Depth of field means
|
the portion of a picture that can be in sharp focus
|
|
The bigger the aperature opening (Smaller f-stop), the ___ the depth of field (area in focus)
|
narrower
|
|
Sprinkery system that allow the elease of large volumes of wahter in a shrt tiem ar called
|
deluge
|
|
which of the following is currently the most recommended water system for a computer room
|
Preaction
|
|
which of the following shoud be used to supress the fuel supply of a fire of common combustibles?
|
Soda Acid
|
|
what is not a feature of Cipher locks
a) hostage alarm b) key override c) voice activated d) master keying |
voice activated
|
|
Online UPS
|
power continually running through them and activated immediately if the primary source fails
|
|
The estimated lifetime of a device or the est timeframe until a compenentw/in a device gives out is called?
|
Mean time before Failure (MTBF)
|
|
MTTR
|
Mean time to repair
|
|
A secruity system that uses changes in heat weave in a particular ae to id possible intruders is called a
|
Passive infrared system
|
|
which of the following lock types prevents the removal of I/O devices by passing cables through a lockable unit?
|
Cable trap
|
|
Perimeter Intrusion Detection and Assessment Systems (PIDAS) consist of
|
boundary fencing with motion detectors
|
|
How far should fire extinguishers be located from electrical equipement?
|
50ft
|
|
What is the last line of defense in a physical security sense?
|
People
|
|
sytem releasing water extremely fast
|
deluge
|
|
system where detectors sens disruptions in electromagentic field
|
proximity detector
|
|
What is the threshold temp at which computer devices will become damaged
|
175F
|
|
which is not character of a systen sensing proximity card reader
|
User activated
|
|
After Halon, reflill with what according to Montreal protocol
|
FM-200
|
|
Lighting is what type of control
|
physical
|
|
how often should fire extinguishers be inspected
|
quarterly
|
|
The montreal protocol has declared that Halon should no longer be used because of its negative effects on the ozeon and humans. Which is not a replacement for Halon?
a) NAF-S-III b) DD3-410 c) Water d) CEA-410 |
DD3-410
|
|
The primary goal of all locks is to server as what type of a physical barrier?
|
delay device
|
|
What provides controlled and un-intercepted interfaces into privileged user functions
|
Trusted paths
|