Physical Security Quiz

Questions and Answers

Which of the following is NOT one of the three major concerns for physical security in order of importance?

Equipment

Access control (correct)

Personnel

Data

Which of the following is NOT one of the three main kinds of physical security measures?

Preventative

Reactive (correct)

Detective

Deterrent

Why would you want to use RAID?

To improve network security

To increase the speed of data access

To reduce the amount of storage space required

To copy data to more than 1 storage device to protect the data if any one device is destroyed (correct)

Which of the following is NOT a step in a typical risk management process at a high level?

Assess risks

Why is confidentiality important in data security?

To prevent breaches and unauthorized access

Why is authenticity a risk in data security?

To verify the validity of payment and customer information

Why is assessing risks an important step in risk management?

To determine the overall risk

Which category of controls protects the physical environment in which systems sit or where data is stored?

Physical controls

Which category of controls enables prevention of unauthorized activities?

Logical controls

True or False: A vulnerability without a matching threat constitutes a risk.

False

True or False: A threat without a matching vulnerability constitutes a risk.

False

What are measures put in place to account for each threat called?

Controls

What are the three categories of controls mentioned in the text?

Physical, logical, and administrative

True or False: If logical controls are implemented properly and successful, an attacker or unauthorized user can still access applications and data without subverting controls.

False

What is the term used to describe an attacker or unauthorized user accessing applications and data without subverting controls?

Unauthorized access