Читаем CISSP Practice полностью

c. Smoke detection equipment shuts down the pre-action pipe equipment.

d. Smoke detection equipment shuts down the water pipe equipment.

84. b. The smoke detection system should shut down the air conditioning equipment. Similarly, an emergency power shutdown should include shutting down the air conditioning system. The reason is that when there is smoke or a power loss, the air conditioning equipment should be turned off so that people do not inhale smoke.

85. What is not a proper place for installing smoke detectors?

a. In the ceiling of a building

b. Under the raised floor

c. In air return ducts of a building

d. In water drains on the floor

85. d. Putting a smoke detector in water drains on the floor is improper. For maximum use and benefit, smoke detectors should be installed in the ceiling, under the raised floor, and in air return ducts.

86. Which of the following is the best place for sounding an alarm coming from a computer room?

a. Local station

b. Security guard station

c. Central station

d. Fire or police station

86. d. The best place for sounding an alarm coming from a computer room is at a fire or police station because immediate action can be taken. There can be a delay at the other three choices.

87. Physical access controls are a part of which of the following?

a. Directive controls

b. Preventive controls

c. Detective controls

d. Corrective controls

87. b. Physical access controls are a part of preventive controls, as they include locks, security guards, and biometric devices. Preventive controls deter security incidents from happening in the first place.

Directive controls are broad-based controls to handle security incidents, and they include management’s policies, procedures, and directives. Detective controls enhance security by monitoring the effectiveness of preventive controls and by detecting security incidents where preventive controls were circumvented. Corrective controls are procedures to react to security incidents and to take remedial actions on a timely basis. Corrective controls require proper planning and preparation as they rely more on human judgment.

88. The justification process in selecting electronic surveillance and wiretapping detection equipment includes which of the following?

a. Low cost of detection equipment, high value of assets to be protected, and a high rate of equipment usage

b. Medium cost of detection equipment, high value of assets to be protected, and a low rate of equipment usage

c. High cost of detection equipment, high value of assets to be protected, and a high rate of equipment usage

d. Low cost of detection equipment, low value of assets to be protected, and a high rate of equipment usage

88. c. The high cost of detection equipment is justified when the assets to be protected are highly valued and when a high rate of use can be made of the equipment. This is based on the cost-benefit principle.

89. Which of the following parties poses a greater risk to an organization when guarding against electronic surveillance and wiretapping activities?

a. Spy stationed in another building

b. Janitor in the same building

c. Employee in the same building

d. Window washer in the same building

89. c. A spy stationed on the same floor in another building a few blocks away can use a telescope to obtain secret data; a window washer can take pictures of documents on desks or walls; a janitor is positioned to take documents discarded in the trash. However, these occurrences are rare. The greatest risk is an employee working in the same building because of proximity and the trust placed in the employee. In addition, the employee knows the nature of the data asset, the value of it, the location of the asset, and the security controls (or lack of security controls) around the asset.

90. Which of the following statements is true?

a. Both mantraps and turnstiles are physical security controls.

b. A mantrap is a physical security control whereas a turnstile is a logical access security control.

c. A mantrap is an environmental security control whereas a turnstile is a network security control.

d. Both mantraps and turnstiles are cryptographic security controls.