a. Logical security controls

b. Physical security controls

c. Application security controls

d. Network security controls

50. b. A key logger is software or hardware that collects every keystroke a user makes on his PC. Law enforcement authorities have used key loggers as a form of wiretap against suspected individuals. Now some viruses and worms can install key loggers to search for passwords and account numbers. The hardware-based key logger device plugs in between the user keyboard and his PC, which requires physical access to the PC to install the device. Under these circumstances, physical security controls are the best defense against hardware-based key loggers.

51. Which of the following is not an explicit design goal of a physical protection system based on sound engineering principles?

a. Provide protection-in-depth.

b. Provide line-of-sight to assets.

c. Minimize the consequences of component failures.

d. Exhibit balanced protection.

51. b. Defensive security measures provide barriers to movement of assets and obscures line-of-sight to assets. Obscuring, not providing, a line-of-sight is based on sound engineering design principles. Defensive security measures say that assets should not be visible to outsiders. (For example, a data center should not be visible from the street.) The other three choices are incorrect because they are explicit design goals of a physical protection system based on sound engineering principles.

52. Regarding a physical protection system, what is primarily the delay before detection?

a. Response

b. Deterrent

c. Detection

d. Defeat

52. b. Delay is the slowing down of adversary progress. Delay can be accomplished by response-force personnel (security guards), barriers, locks, and activated and automated delays. The measure of a delay’s effectiveness is the time required by the adversary after detection to bypass each delay element. Therefore, delay before detection is primarily a deterrent.

Response is incorrect because it consists of the actions taken by the response force to prevent adversary success. Detection is incorrect because it senses an act of aggression, assesses the validity of the detection, and communicates the appropriate information to a response force personnel (e.g., security guard). Defeat is incorrect because most protective systems depend on response personnel to defeat an aggressor.

53. A secure and safe room should have which of the following?

a. No more than one door

b. No more than two doors

c. No more than three doors

d. No more than four doors

53. b. A secure and safe room should have no more than two doors. These doors should be solid, fireproof, lockable, and observable by physical security staff. One door is for entrance and the other one is for exit according to building fire code. Too many doors provide too many escape routes for an intruder that security staff cannot observe.

54. Which of the following is not one of the four legs of a fire?

a. Heat

b. Fuel

c. Oxygen

d. Smoke

54. d. Smoke is a byproduct of a fire whereas heat, fuel, oxygen, and chemical reaction are the four legs of a fire.

55. Where do you start when considering physical security protection for new computer facilities?

a. Front to back

b. Back to front

c. Outside in

d. Inside out

55. d. The best strategy is to start with interior security, proceed to the exterior security, and then to the outer perimeter. This path provides a clear picture of all areas needing protection and ensures completeness of analysis.

56. Dry powder is used to extinguish which of the following fires?

a. Class A fires

b. Class B fires

c. Class C fires

d. Class D fires

56. d. Class D fire is extinguished by dry powder. Class A fire is extinguished by water, Class B by carbon dioxide, and Class C by a nonconducting extinguishing agent.

57. Which of the following physical intrusion-detection system components report on the condition of the system?

a. Motion sensors

b. Control unit

c. Monitor unit

d. Transmission lines

57. c. The physical intrusion detection system contains four components: motion sensors, control unit, monitor unit, and transmission lines. These components are integrated to operate in a specified manner. A monitor unit is a device that senses and reports on the condition of a system. Motion sensors detect movement inside the area to be protected. A control unit is the terminal box for all sensors. Transmission lines communicate events, signals, and sensors.

58. Which of the following sensors detect the sounds of forced entry into a computer facility?

a. Proximity sensors

b. Microwave sensor

c. Ultrasonic sensor

d. Photoelectric sensor

58. c. Ultrasonic sensors operate by sounds. Proximity sensors employ an electrical field such as electromagnetic or electrostatic. Microwave sensors operate by radio or radar frequency transceiver. A photoelectric sensor operates by an interruption of light beam transmitted to the receiver.

59. Which of the following statements is true about physical security and life safety?

a. Physical security strives to control entry.

b. Life safety focuses on providing easy exit from a facility.

c. Life safety measures are expensive.

d. It is possible to achieve an effective balance between physical security and life safety.

59. d. It is important to understand that the objectives of physical access controls may be in conflict with those of life safety. Simply stated, life safety focuses on providing easy exit from a facility, particularly in an emergency, whereas physical security strives to control entry. In general, life safety must be given first consideration, but it is usually possible to achieve an effective balance between the two goals. Life safety measures do not need to be expensive; sometimes the least expensive measures work best.

60. Which of the following sensors is used to call for assistance?

a. Contact sensor

b. Duress sensor

c. Vibration sensor

d. Infrared sensor

60. b. The duress sensor is used to call for assistance in case of danger, and it consists of a hand- or foot-operated switch usually found in bank teller areas. A contact sensor is activated when an electrical circuit is broken. A vibration sensor detects forced entry through metal barriers placed over windows, for example. An infrared sensor detects body heat.