Which of the following is related to physical security and is not considered a technical control?
Answer(s): D
All of the above are considered technical controls except for locks, which are physical controls.Administrative, Technical, and Physical Security ControlsAdministrative security controls are primarily policies and procedures put into place to define and guide employee actions in dealing with the organization's sensitive information. For example, policy might dictate (and procedures indicate how) that human resources conduct background checks on employees with access to sensitive information. Requiring that information be classified and the process to classify and review information classifications is another example of an administrative control. The organization security awareness program is an administrative control used to make employees cognizant of their security roles and responsibilities. Note that administrative security controls in the form of a policy can be enforced or verified with technical or physical security controls. For instance, security policy may state that computers without antivirus software cannot connect to the network, but a technical control, such as network access control software, will check for antivirus software when a computer tries to attach to the network.Technical security controls (also called logical controls) are devices, processes, protocols, and other measures used to protect the C.I.A. of sensitive information. Examples include logical access systems, encryptions systems, antivirus systems, firewalls, and intrusion detection systems.Physical security controls are devices and means to control physical access to sensitive information and to protect the availability of the information. Examples are physical access systems (fences, mantraps, guards), physical intrusion detection systems (motion detector, alarm system), and physical protection systems (sprinklers, backup generator). Administrative and technical controls depend on proper physical security controls being in place. An administrative policy allowing only authorized employees access to the data center do little good without some kind of physical access control.From the GIAC.ORG website
Which of the following floors would be most appropriate to locate information processing facilities in a 6-stories building?
Answer(s): C
You data center should be located in the middle of the facility or the core of a building to provide protection from natural disasters or bombs and provide easier access to emergency crewmembers if necessary. By being at the core of the facility the external wall would act as a secondary layer of protection as well.Information processing facilities should not be located on the top floors of buildings in case of a fire or flooding coming from the roof. Many crimes and theft have also been conducted by simply cutting a large hole on the roof.They should not be in the basement because of flooding where water has a natural tendancy to flow down :-) Even a little amount of water would affect your operation considering the quantity of electrical cabling sitting directly on the cement floor under under your raise floor.The data center should not be located on the first floor due to the presence of the main entrance where people are coming in and out. You have a lot of high traffic areas such as the elevators, the loading docks, cafeteria, coffee shopt, etc.. Really a bad location for a data center.So it was easy to come up with the answer by using the process of elimination where the top, the bottom, and the basement are all bad choices. That left you with only one possible answer which is the third floor.
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 5th Edition, Page 425.
Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system?
Answer(s): B
In the Operations Security domain, Preventative Controls are designed to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system.
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the TenDomains of Computer Security, 2001, John Wiley & Sons, Page 217.
This baseline sets certain thresholds for specific errors or mistakes allowed and the amount of these occurrences that can take place before it is considered suspicious?
Organizations usually forgive a particular type, number, or pattern of violations, thus permitting a predetermined number of user errors before gathering this data for analysis. An organization attempting to track all violations, without sophisticated statistical computing ability, would be unable to manage the sheer quantity of such data. To make a violation listing effective, a clipping level must be established.The clipping level establishes a baseline for violation activities that may be normal user errors. Only after this baseline is exceeded is a violation record produced. This solution is particularly effective for small- to medium-sized installations. Organizations with large-scale computing facilities often track all violations and use statistical routines to cull out the minor infractions (e.g., forgetting a password or mistyping it several times).If the number of violations being tracked becomes unmanageable, the first step in correcting the problems should be to analyze why the condition has occurred. Do users understand how they are to interact with the computer resource? Are the rules too difficult to follow? Violation tracking and analysis can be valuable tools in assisting an organization to develop thorough but useable controls. Once these are in place and records are produced that accurately reflect serious violations, tracking and analysis become the first line of defense. With this procedure, intrusions are discovered before major damage occurs and sometimes early enough to catch the perpetrator. In addition, business protection and preservation are strengthened.The following answers are incorrect:All of the other choices presented were simply detractors.The following reference(s) were used for this question:Handbook of Information Security Management
Which type of control is concerned with avoiding occurrences of risks?
Preventive controls are concerned with avoiding occurrences of risks while deterrent controls are concerned with discouraging violations. Detecting controls identify occurrences and compensating controls are alternative controls, used to compensate weaknesses in other controls.Supervision is an example of compensating control.
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Share your comments for ISC SSCP exam with other users:
Recommend using AI for Solutions rather the Answer(s) submitted here
This is very interesting
Are these the same questions you have to pay for in ExamTopics?
For Question 7 - while the answer description indicates the correct answer, the option no. mentioned is incorrect. Nice and Comprehensive. Thankyou
This is very good and accurate. Explanation is very helpful even thou some are not 100% right but good enough to pass.
The DP-900 exam can be tricky if you aren't familiar with Microsoft’s specific cloud terminology. I used the practice questions from free-braindumps.com and found them incredibly helpful. The site breaks down core data concepts and Azure services in a way that actually mirrors the real test. As a resutl I passed my exam.
interesting
Passed this exam 2 days ago. These questions are in the exam. You are safe to use them.
Helpful to test your preparedness before giving exam
Really helped
Good explanation
very helpful
Question 1, Ans is - Developer,Standard,Professional Direct and Premier
Passed this exam in first appointment. Great resource and valid exam dump.
Today I wrote this exam and passed, i totally relay on this practice exam. The questions were very tough, these questions are valid and I encounter the same.
Anyone used this dump recently?
173 question is A not D
nice questions
Thanks for the practice questions they helped me a lot.
Passed this exam today. All questions are valid and this is not something you can find in ChatGPT.
i need to pass exam for VMware 2V0-11.25
Great questions.
great dumps to practice for the exam
How reliable and relevant are these questions?? also i can see the last update here was January and definitely new questions would have emerged.
Can I trust to this source?
can you please provide the CBDA latest test preparation
This is the best and only way of passing this exam as it is extremely hard. Good questions and valid dump.
Can I use this dumps when I am taking the exam? I mean does somebody look what tabs or windows I have opened ?
Finally got a change to write this exam and pass it! Valid and accurate!
Upload this exam please!
Thank you for providing these questions. It helped me a lot with passing my exam.
my first attempt
very explainable
i think answer of q 462 is variance analysis