62 Cards in this Set

  • Front
  • Back
Which issue when selecting a facility site deals with the surrounding terrain, building markings and
signs, and high or low population in the area?
A. surrounding area and external entities
B. natural disasters
C. accessibility
D. visibility
D. visibility
The concentric circle approach is used to
A. Evaluate environmental threats.
B. Assess the physical security facility.
C. Assess the communications network security.
D. Develop a personnel security program.
B. Assess the physical security facility.
Which is NOT considered a preventative security measure?
A. Preset locks
B. Guards
C. Fences
D. Audit trails
Answer: D
Which is NOT considered a preventative security measure?
A. Preset locks
B. Guards
C. Fences
D. Audit trails
D. Audit trails
The MAIN reason for developing closed-circuit television (CCTV) as part of your physical security
program is to
A. Provide hard evidence for criminal prosecution.
B. Apprehend criminals.
C. Deter criminal activity.
D. Increase guard visibility.
D. Increase guard visibility.
Which of the following is NOT a form of computer/network surveillance?
A. Use of CCTV cameras
B. Use of network sniffers
C. Keyboard monitoring
D. Review of audit logs
A. Use of CCTV cameras
Lock picking is classified under which one of the following lock mechanism attacks?
A. A cable lock
B. A switch control
C. A port control
D. A file cabinet lock
D. A file cabinet lock
Which one of the following is an example of electronic piggybacking?
A. Attaching to a communications line and substituting data.
B. Abruptly terminating a dial-up or direct-connect session.
C. Following an authorized user into the computer room.
D. Recording and playing back computer transactions.
C. Following an authorized user into the computer room.
What is a mantrap?
A. Control where both doors remain unlocked when someone enters
B. preventive physical control with two doors
C. the first door locks before the second door is opened
B and C
Contraband Checks are
a. forged checks
b. Badges issued for visitors
c. physical checks such as in the airport where an individual or objects (such as suitcases) are checked for contraband
B. IP spoofing attack
What is tailgating?
Entering a back door usually by socializing with an authorized person
What is greenfield?
An undeveloped area that can be used as a building site
What is the minimum and customary practice of responsible protection of assets that affects a
community or societal norm?
A. Due diligence
B. Risk mitigation
C. Asset protection
D. Due care
D. Due care
The continual effort of making sure that the correct policies, procedures and standards are in place
and being followed is described as what?
A. Due care
B. Due concern
C. Due diligence
D. Due practice
A. Due care
Which choice below is NOT a common example of exercising due care or due diligence in security practices?
A. Implementing employee casual Friday
B. Implementing security awareness and training programs
C. Implementing controls on printed documentation
D. Implementing employee compliance statements
A. Implementing employee casual Friday
What is Due Diligence?
a. the act of investigating and understanding the risks the company faces.
b. shows that a company has taken responsibility for the activities that take place within the corporation and has taken the necessary steps to help protect the company, its resources, and employees from possible risks.
c. understanding the current threats and risks
d. implementing countermeasures to provide protection from those threats.
c. understanding the current threats and risks
b. shows that a company has taken responsibility for the activities that take place within the corporation and has taken the necessary steps to help protect the company, its resources, and employees from possible risks.
Which of the following is the most reliable, secure means of removing data from magnetic storage
media such as a magnetic tape, or cassette?
A. Degaussing
B. Parity Bit Manipulation
C. Certification
D. Buffer overflow
A. Degaussing
What is the most secure way to dispose of data held on a CD?
A. Reformatting
B. Sanitizing
C. Physical destruction
D. Degaussing
C. Physical destruction
Which media control below is the BEST choice to prevent data remanence on magnetic tapes or floppy disks?
A. Applying a concentration of hydriodic acid (55% to 58% solution) to the gamma ferric oxide disk
surface
B. Overwriting the media with new application data
C. Degaussing the media
D. Making sure the disk is re-circulated as quickly as possible to prevent object reuse
C. Degaussing the media
Which of the following questions is less likely to help in assessing physical and environmental protection?
A. Are entry codes changed periodically?
B. Are appropriate fire suppression and prevention devices installed and working?
C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal
printed or electronic information?
D. Is physical access to data transmission lines controlled?
C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal
printed or electronic information?
What is an error called that causes a system to be vulnerable because of the environment in which it is installed?
A. Configuration error
B. Environmental error
C. Access validation error
D. Exceptional condition handling error
B. Environmental error
The Common Criteria construct which allows prospective consumers or developers to create
standardized sets of security requirements to meet their needs is
A. a Protection Profile (PP).
B. a Security Target (ST).
C. an Evaluation Assurance Level (EAL).
D. a Security Functionality Component Catalog (SFCC).
A. a Protection Profile (PP).
The concentric circle approach is used to
A. Evaluate environmental threats.
B. Assess the physical security facility.
C. Assess the communications network security.
D. Develop a personnel security program.
B. Assess the physical security facility.
Which of the following is a physical control?
A. Monitoring of system activity
B. Environmental controls
C. Identification and authentication methods
D. Logical access control mechanisms
B. Environmental controls
Context-dependent control uses which of the following to make decisions?
A. Subject or object attributes or environmental characteristics
B. Data
C. Formal models
D. Operating system characteristics
A. Subject or object attributes or environmental characteristics
Which choice below is NOT an element of a fiber optic cable?
A. BNC
B. Jacket
C. Core
D. Cladding
A. BNC
Which of the following questions is less likely to help in assessing physical and environmental protection?
A. Are entry codes changed periodically?
B. Are appropriate fire suppression and prevention devices installed and working?
C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal
printed or electronic information?
D. Is physical access to data transmission lines controlled?
C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal
printed or electronic information?
A prolonged high voltage is a:
A. Spike
B. Blackout
C. Surge
D. Fault
C. Surge
A prolonged power supply that is below normal voltage is a:
A. brownout
B. blackout
C. surge
D. fault
A. brownout
A prolonged power outage is a:
A. brownout
B. blackout
C. surge
D. fault
B. blackout
A momentary power outage is a:
A. spike
B. blackout
C. surge
D. fault
D. fault
A prolonged high voltage is?
A. Spike
B. Blackout
C. Surge
D. Fault
C. Surge
A temporary low voltage?
A. Spike
B. Sag
C. Fault
D. Surge
B. Sag
Electrical systems are the lifeblood of computer operations. The continued supply of clean, steady
power is required to maintain the proper personnel environment as well as to sustain data operations. Which of the following is not an element that can threaten power systems?
A. Noise
B. Humidity
C. Brownouts
D. UPS
D. UPS
Which of the following is electromagnetic interference (EMI) that is noise from the radiation
generated by the difference between the hot and ground wires?
A. common-mode noise
B. traverse-mode noise
C. transversal-mode noise
D. crossover-mode noise
A. common-mode noise
What fire suppression system can be used in computer rooms that will not damage computers and is safe for humans?
A. Water
B. FM200
C. Halon
D. CO2
B. FM200
Which of the following is not an EPA-approved replacement for Halon?
A. Water
B. Argon
C. NAF-S-III
D. Bromine
D. Bromine
Network cables that are poorly shielded or run too closely together may suffer from
Crosstalk
What type of cable is used with 100Base-TX Fast Ethernet?
A. Fiber-optic cable
B. Four pairs of Category 3, 4 or 5 unshielded twisted-pair (UTP) wires.
C. Two pairs of Category 5 unshielded twisted-pair (UTP) or Category 1 shielded twisted-pair (STP) wires.
D. RG-58 cable.
C. Two pairs of Category 5 unshielded twisted-pair (UTP) or Category 1 shielded twisted-pair (STP) wires.
Which is more susceptible to crosstalk?
Which is least susceptible to crosstalk?
A. Unshielded Twisted Pair
B. coaxial
C. Fiber Optic Cable
Most susceptible A. Unshielded Twisted Pair
Least susceptible Fiber optic
Which of the following would best describe a cold backup site?
A. A computer facility available with electrical power and HVAC and some file/print servers, although the applications are not installed or configured and all of the needed workstations may not be on site or ready to begin processing
B. A computer facility with no electrical power or HVAC
C. A computer facility with electrical power and HVAC but with no workstations or servers on-site prior to the event and no applications installed
D. A computer facility with electrical power and HVAC, all needed applications installed and
configured on the file/print servers, and enough workstations present to begin processing
C. A computer facility with electrical power and HVAC but with no workstations or servers on-site prior to the event and no applications installed
Ideal humidity levels for computers would be
A. 40%-55%
B. 60%-70%
C. 30% - 40%
A. 40%-55%
Which of the following are the limitations of the Bell-LaPad?
A. No policies for changing access data control.
B. All of the choices.
C. Contains covert channels.
D. Static in nature.
B. All of the choices.
Limitations of the BLP model:
Have no policies for changing access data control
Intended for systems with static security levels
Contains covert channels: a low subject can detect the existence of a high object when it is denied access. Sometimes it is not enough to hide the content of an object; its existence may also have to be hidden.
Restricted to confidentiality
Which of the following is NOT a precaution you can take to reduce static electricity?
A. power line conditioning
B. anti-static sprays
C. maintain proper humidity levels
D. anti-static flooding
A. power line conditioning
Which type of fire detectors sends an alarm when the temperature of the room rises dramatically?

A. Odor-sensing
B. Heat-sensing
C. Smoke-actuated
D. Flame-actuated
B. Heat-sensing
Which is NOT a type of a fire detector?
A. Smoke-actuated
B. Flame-actuated
C. Gas-discharge
D. Heat-sensing
C. Gas-discharge
The following are fire detector types EXCEPT:
A. smoke activated
B. flame actuated
C. acoustical-seismic detection system
D. heat activated
C. acoustical-seismic detection system
Which disaster recovery/emergency management plan testing type below is considered the most cost-effective and efficient way to identify areas of overlap in the plan before conducting more demanding training exercises?
A. Evacuation drill
B. Table-top exercise test
C. Full-scale exercise
D. Walk-through drill
B. Table-top exercise test
When referring to a summary of fire class symbols used in the United States
combustibles can be suppressed by
liquid can be suppressed by
flammable gases can be suppressed by
combustible metal can be suppressed by
flammable gases can be suppressed by
Kitchen oil/fat can be suppressed by
combustibles = water or soda acid
liquid = halon substitute, CO2, soda acid
flammable gases = halon substitute, CO2, soda acid
combustible metal = dry powder
flammable gases can be suppressed by = Halon substitute, CO2, or soda acid
Kitchen oil/fat = wet chemicals
Under what conditions would use of a “Class C” hand-held fire extinguisher be preferable to use of a “Class A” hand-held fire extinguisher?
A. When the fire is in its incipient stage
B. When the fire involves electrical equipment
C. When the fire is located in an enclosed area
D. When the fire is caused by flammable products
B. When the fire involves electrical equipment
Which of the following is a class C fire?
A. electrical
B. liquid
C. common combustibles
D. soda acid
A. electrical
Which of the following is NOT considered an acceptable replacement for Halon discharge systems?
A. Halon 1301
B. Argon (IG55)
C. FA200
D. Inergen (IG541)
A. Halon 1301
Which of the following is true about a “dry pipe” sprinkler system?
A. It is a substitute for carbon dioxide systems
B. It maximizes chances of accidental discharge of water
C. It minimizes chances of accidental discharge of water
D. It uses less water than “wet pipe” systems
C. It minimizes chances of accidental discharge of water
Which type of fire extinguishing method contains standing water in the pipe, and therefore generally does not enable a manual shutdown of systems before discharge?
A. Dry Pipe
B. Deluge
C. Wet pipe
D. Preaction
C. Wet pipe
What category of water sprinkler system is currently the most recommended water system for a
computer room?
A. Dry Pipe sprinkler system
B. Wet Pipe sprinkler system
C. Pre-action sprinkler system
D. Deluge sprinkler system
C. Pre-action sprinkler system
Which of the following is currently the most recommended water system for a computer room?
A. pre-action
B. wet pipe
C. dry pipe
D. deluge
A. pre-action
What are pre-action systems?
Fire systems that are a combination of wet, dry, or deluge systems and require two separate triggers.
An area of the Telecommunications and Network Security domain that directly affects the
Information Systems Security tenet of Availability can be defined as:
A. Netware availability
B. Network availability
C. Network acceptability
D. Network accountability
B. Network availability
Which of the following terms is NOT associated with a Read Only Memory (ROM)?
A. Field Programmable Gate Array (FPGA)
B. Flash memory
C. Firmware
D. Static RAM (SRAM)
D. Static RAM (SRAM)
Volatile Memory loses integrity after loss of power. True or False
True
Which of the following are the components of the Chinese wall model?
A. Conflict of interest.
B. All of the choices.
C. Subject
D. Company Datasets.
B. All of the choices.
What model should you use if you are concerned with confidentiality of information?
A. Bell-LaPadula
B. Biba
C. Clark-Wilson
D. Confidentiality Model
A