Key Terms Quiz 1 are highlevel statements made by managemen

Key Terms Quiz

1.    _______________ are high-level statements made by management that lay out the organization’s position on some issue.

2.    The collective term used to refer to the systems that are used to maintain the comfort of an office environment and that are often controlled by computer systems is _______________ .

3.    _______________ A(n) is a device designed to provide power to essential equipment for a period of time when normal power is lost.

4.    Access control mechanisms in which a physical characteristic, such as a fingerprint or the geometry of an individual’s hand, is used to uniquely identify users are called _______________.

5.    _______________ are accepted specifications providing specific details on how a policy is to be enforced.

6.    _______________ is a wireless technology designed as a short-range (approximately ten meters) personal area network (PAN) cable-replacement technology that may be built into a variety of devices such as mobile phones, PDAs, and laptop computers.

7.    The military program to control electronic emanations from electrical equipment is called _______________.

8.    _______________ are step-by-step instructions that describe exactly how employees are expected to act in a given situation or to accomplish a specific task.

9.    The set of standards for wireless networks that is well suited for the LAN environment and whose normal mode is to have computers with network cards communicating with a wireless access point is _______________.

10.    _______________ are recommendations relating to a policy that are not mandatory steps.

  Multiple-Choice Quiz

1.    Which of the following is a physical security threat?

A.  Cleaning crews are allowed unsupervised access because they have a contract.

B.  Employees undergo background criminal checks before being hired.

C.  All data is encrypted before being backed up.

D.  All the above.

2.    The benefit of fire detection equipment over fire suppression devices is

A.  Fire detection equipment is regulated whereas fire suppression equipment is not.

B.  Fire detection equipment will often catch fires at a much earlier stage, meaning that the fire can be addressed before significant damage can occur.

C.  Fire detection equipment is much more reliable than fire suppression equipment.

D.  There is no advantage of fire detection over fire suppression other than the cost of fire detection equipment is much less than fire suppression equipment.

3.    What security feature is even more common than a lock?

A.  Physical barrier

B.  Card reader

C.  Hand geometry reader

D.  Security guard

4.    During which step of the policy lifecycle does training of users take place?

A.  Plan for security

B.  Implement the plans

C.  Monitor the implementation

D.  Evaluate for effectiveness

5.    Biometric access controls are typically used in conjunction with another form of access control because:

A.  Biometrics are still expensive.

B.  Biometrics cannot be copied.

C.  Biometrics are not always convenient to use.

D.  Biometrics are not 100 percent accurate, having some level of misidentifications.

6.    Procedures can be described as:

A.  High-level, broad statements of what the organization wants to accomplish

B.  Step-by-step instructions on how to implement the policies

C.  Mandatory elements regarding the implementation of a policy

D.  Recommendations relating to a policy

7.    What technique can be used to protect against electromagnetic eavesdropping (known as the van Eck phenomenon)?

A.  Provide sufficient distance between the potential target and the nearest location an attacker could be.

B.  Put the equipment that you are trying to protect inside a shielded room.

C.  Purchase “TEMPEST approved” equipment.

D.  All of the above.

8.    HVAC systems are important in which of the following locations?

A.  Large cubical farms where many people work in rooms without windows

B.  Network equipment closets

C.  Server rooms

D.  All the above

9.    When should a human security guard be used for physical access control?

A.  When other electronic access control mechanisms will not be accepted by employees

B.  When necessary to avoid issues such as piggybacking, which can occur with electronic access controls

C.  When other access controls are too expensive to implement

D.  When the organization wants to enhance its image

10.    What device should be used by organizations to protect sensitive equipment from fluctuations in voltage?

A.  A surge protector

B.  An uninterruptible power supply

C.  A backup power generator

D.  A redundant array of inline batteries (RAIB)

Essay Quiz

1. Describe the difference between fire suppression and fire detection systems.

2. Discuss why an “insider” is potentially more dangerous than an external attacker.

3. Why should we be concerned about HVAC systems when discussing security?

Solution

FILL IN THE BLANKS :-

1. Policies

(Policies are high level, broad statements of what the organisation wants to accomplish. They are made by management when laying out the organization position on some issue)

2. HVAC

(Heating, Ventilation and Air Conditioning (HVAC) systems are used to maintain the comforts of an office environment. These systems are developed due to huge quantities of equipment located/installed in the offices which produces large amount of heat)

3. Uninterruptible Power Supply (UPS)

(UPS is considered for critical systems so that loss of power will not halt processing)

4. Biometrics

(Biometrics are generally used by third party for proper authentication purpose which includes respective authorised user finger prints (all the five fingers) and hand prints (both the hands i.e left and right))

5. Standards

(Standards are mandatory elements regarding the implementation of the policy and are accepted specifications that provide specific details on how a policy is to be enforced)

6. Bluetooth

(Bluetooth are wireless technologies used in personal area network for sharing personal objectives such as music, videos, files, images etc. which lasts for not more than 10 meters)

7.TEMPSET

(Transient Electro Magnetic Pulse Emanation Standard - is a phenomenon used to control electronic emanations from electrical equipment)

8. Procedures

(Procedures are step by step instructions generally used to know the implementation of the policies)

9. IEEE 802.11

(IEEE 802.11 is a wireless standard well suited for LAN environment which can be operated in peer to peer or infrastructure mode)

10. Guidelines

(Guidelines are recommendations relating to policy)

MULTIPLE CHOICE QUESTIONS :-

Answers :- A,B,A,B,D,B,D,D,B,A

ESSAY QUESTIONS :-

1. Difference between fire suppression and fire detection systems:

- Fire detection systems are those that detect hazardous conditions. The early detection of fire and the signaling of an appropriate alarm remains the most significant factor in preventing large loss due to fire.

- Fire suppression systems are those that control or contain hazardous detection and suppression systems to decrease the loss through prompt notification and early mitigation and control of the fire.

Hence, out of these to Fire suppression systems are more effictive and efficient as they include the functions of fire detection systems too.

2. Insider vs Outsider

- Insider :- Internal threat agent, in other words, an agent that belong to the organization.

- Outsider :- An external threat agent, in other words, an agent from outside the organization.

As it is clear from the above defined data that insider is more potentially dangerous than outsider/external agent as outsider canonly get the limited access or limited information regarding the respective file / organization but where as insider agent icludes authorized user who surpasses his/her legitimate access rights where there is a huge scope of mal functioning.

Hence, Insider attacks are considered as more potentially dangerous than Outsider/external agent attacks.

3. HVAC

- HVAC systems for server rooms and network equipment closets are important because the dense equipment environment can generate significant amounts of heat which may damage the equipment. HVAC outages can result in temperatures that are outside equipment operating ranges,forcing shutdowns respectively. Hence to avoid this damages HVAC systems are installed.