Home > Articles

  • Print
  • + Share This
This chapter is from the book

Test Your Skills

Multiple Choice Questions

  1. Which of the following groups should be assigned responsibility for physical and environmental security?

    1. Facilities management

    2. Information security management

    3. Building security

    4. A team of experts including facilities, information security, and building security

  2. Physical and environmental security control decisions should be driven by a(n) ___________.

    1. educated guess

    2. industry survey

    3. risk assessment

    4. risk management

  3. Which of the following terms best describes CPTED?

    1. Crime prevention through environmental design

    2. Crime prevention through environmental designation

    3. Criminal prevention through energy distribution

    4. Criminal prosecution through environmental design

  4. The design of a secure site starts with the _________.

    1. natural surveillance

    2. territorial reinforcement

    3. natural access control

    4. location

  5. Which of the following models is known as the construct that if an intruder can bypass one layer of controls, the next layer of controls should provide additional deterrence or detection capabilities?

    1. Layered defense model

    2. Perimeter defense model

    3. Physical defense model

    4. Security defense model

  6. The mere fact that an area appears to be secure is in itself a ___________.

    1. deterrent

    2. layer

    3. defense

    4. signature

  7. Best practices dictate that data centers should be _____________.

    1. well marked

    2. located in urban areas

    3. inconspicuous and unremarkable

    4. built on one level

  8. Which of the following would be considered a “detection” control?

    1. Lighting

    2. Berms

    3. Motion sensors

    4. Bollards

  9. Badging or an equivalent system at a secure facility should be used to identify ____________.

    1. everyone who enters the building

    2. employees

    3. vendors

    4. visitors

  10. Which of the following statements best describes the concept of shoulder surfing?

    1. Shoulder surfing is the use of a keylogger to capture data entry.

    2. Shoulder surfing is the act of looking over someone’s shoulder to see what is on a computer screen.

    3. Shoulder surfing is the act of positioning one’s shoulders to prevent fatigue.

    4. None of the above.

  11. The term BYOD is used to refer to devices owned by ____________.

    1. the company

    2. a vendor

    3. the employee

    4. a contractor

  12. Which of the following statements is not true about data center best practices?

    1. Data center equipment must be protected from damage caused by power fluctuations or interruptions.

    2. Data center power protection devices must be tested on a scheduled basis for functionality and load capacity.

    3. Data center generators must be tested regularly according to manufacturer’s instructions.

    4. You can optionally log all service and routine maintenance.

  13. Which of the following terms best describes a prolonged increase in voltage?

    1. Power spike

    2. Power surge

    3. Power hit

    4. Power fault

  14. Common causes of voltage variations include ______________.

    1. lightning, storm damage, and electric demand

    2. using a power conditioner

    3. turning on and off computers

    4. using an uninterruptable power supply

  15. Adhering to building and construction codes, using flame-retardant materials, and properly grounding equipment are examples of which of the following controls?

    1. Fire detection controls

    2. Fire containment controls

    3. Fire prevention controls

    4. Fire suppression controls

  16. A Class C fire indicates the presence of which of the following items?

    1. Electrical equipment

    2. Flammable liquids

    3. Combustible materials

    4. Fire extinguishers

  17. Confidential data can reside on which of the following items?

    1. Smartphones

    2. Cameras

    3. Scanners

    4. All of the above

  18. Which of the following data types includes details about a file or document?

    1. Apparent data

    2. Hidden data

    3. Metadata

    4. Cache data

  19. URL history, search history, form history, and download history are stored by the device ___________.

    1. operating system

    2. browser

    3. BIOS

    4. ROMMON

  20. Which of the following statements about formatting a drive is not true?

    1. Formatting a drive creates a bootable partition.

    2. Formatting a drive overwrites data.

    3. Formatting a drive fixes bad sectors.

    4. Formatting a drive permanently deletes files.


Exercise 7.1: Researching Data Destruction Services

  1. Research companies in your area that offer data destruction services.

  2. Document the services they offer.

  3. Make a list of questions you would ask them if you were tasked with selecting a vendor for data destruction services.

Exercise 7.2: Assessing Data Center Visibility

  1. Locate the data center at your school or workplace.

  2. Is the facility or area marked with signage? How easy was it to find? What controls are in place to prevent unauthorized access? Document your findings.

Exercise 7.3: Reviewing Fire Containment

  1. Find at least three on-campus fire extinguishers (do not touch them). Document their location, what class fire they can be used for, and when they were last inspected.

  2. Find at least one fire extinguisher (do not touch it) in your dorm, off-campus apartment, or home. Document the location, what class fire it can be used for, and when it was last inspected.

Exercise 7.4: Assessing Identification Types

  1. Document what type of identification is issued to students, faculty, staff, and visitors at your school. If possible, include pictures of these types of documentation.

  2. Describe the process for obtaining student identification.

  3. Describe the procedure for reporting lost or stolen identification.

Exercise 7.5: Finding Data

  1. Access a public computer in either the library, a computer lab, or a classroom.

  2. Find examples of files or data that other users have left behind. The files can be apparent, temporary, browser based, cached, or document metadata. Document your findings.

  3. What should you do if you discover “personal” information?


Project 7.1: Assessing Physical and Environmental Security

  1. You are going to conduct a physical assessment of a computing device you own. This could be a desktop computer, a laptop, a tablet, or a smartphone. Use the following table as a template to document your findings. You can add additional fields.

    Device Description


    Laptop Computer




















    Safeguard 1

    Safeguard 2

    Safeguard 3



    Initial Cost

    Annual Cost

    Cost/Benefit Analysis

    Lost or forgotten

    Need laptop for schoolwork

    Pink case

    Labeled with owner’s contact info



    Install remote find software



    $20 per year vs. the cost of replacing the laptop

  2. Determine the physical and environmental dangers (threats); for example, losing or forgetting your laptop at school. Document your findings.

  3. For each danger (threat), identify the controls that you have implemented; for example, your case is pink (recognizable) and the case and laptop are labeled with your contact information. It is expected that not all threats will have corresponding safeguards. Document your findings.

  4. For threats that do not have a corresponding safeguard or ones for which you feel the current safeguards are inadequate, research the options you have for mitigating the danger. Based on your research, make recommendations. Your recommendation should include initial and ongoing costs. Compare the costs of the safeguard to the cost impact of the danger. Document your findings.

Project 7.2: Assessing Data Center Design

  1. You have been tasked with recommending environmental and physical controls for a new data center to be built at your school. You are expected to present a report to the Chief Information Officer. The first part of your report should be a synopsis of the importance of data center physical and environmental security.

  2. The second part of your report should address three areas: location, perimeter security, and power.

    1. Location recommendations should include where the data center should be built and a description of the security of the surrounding area (for example, location-based threats include political stability, susceptibility to terrorism, the crime rate, adjacent buildings, roadways, pedestrian traffic, flight paths, utility stability, and vulnerability to natural disasters).

    2. Access control recommendations should address who will be allowed in the building and how they will be identified and monitored.

    3. Power recommendations should take into account power consumption as well as normal and emergency operating conditions.

Project 7.3: Securing the Perimeter

  1. The security perimeter is a barrier of protection from theft, malicious activity, accidental damage, and natural disaster. Almost all buildings have multiple perimeter controls. We have become so accustomed to perimeter controls that they often go unnoticed (that is, security guards). Begin this project with developing a comprehensive list of perimeter controls.

  2. Conduct a site survey by walking around your city or town. You are looking for perimeter controls. Include in your survey results the address of the building, a summary of building occupants, type(s) of perimeter controls, and your opinion as to the effectiveness of the controls. To make your survey valid, you must include at least 10 properties.

  3. Choose one property to focus on. Taking into consideration the location, the depth of security required by the occupants, and the geography, comment in detail on the perimeter controls. Based on your analysis, recommend additional physical controls to enhance perimeter security.

  • + Share This
  • 🔖 Save To Your Account