Potential interdependencies that could affect operations are primarily addressed in: A. Communication and technology

Physical prevention

Personnel measures

Planning and preparedness

Permanently evacuating people from a potential inundation area is an example of which of the following types of risk-reduction strategies? A. Mitigation



Operational Measures

Ensuring sufficient standoff distances is a protective measure related to: A. Assessments

Physical prevention



If intelligence suggests that your facility is at risk for a cyber attack, which of the following measures would take precedence? A. Conduct terminated employee assess

Delay scheduled maintenance and upgrades

Use the internet to access personal email accounts

Develop an inventory of parts and suppliers

Which of the following is NOT likely to enhance access-point security? A. Using appropriate locks

Using access identification systems

Establishing additional access points for redundancy

Controlling doors and entryways

Access point security is enhanced by: A. Eliminating expensive swipe access systems

Using an electronic entry control system

Increasing the number of access points

Removing obvious signs in restricted areas

Appropriate design and implementation of protective measures should be conducted A. As a function of threat, vulnerability, and consequences

Only based on vulnerability considerations

Only based on threat considerations

Only based on potential environmental impacts

Access control refers to: A. Special equipment and communication protocols used to contact security forces in case of emergency.

Special screens installed around critical components to protect against rocket-propelled grenades and other potential standoff weapons.

Special equipment and backup systems used to ensure continuous operation of supervisory control and data acquisition systems.

Physical and procedural measures to keep unauthorized persons, equipment, or materials out of sensitive areas.

Long-term actions taken to reestablish a facility’s function after an attack or other incident has caused damage are part of: A. Deterrence




Constraints: A. Refer to the amount of damage an asset would be allowed to sustain in the event of an attack

Refer to the degree to which an asset is protected against a threat

Measure the probability that an aggressor would be defeated before the asset is compromised

Relate to physical characteristics or operational considerations that restrict the nature of protective measures

Installing a perimeter fence to create the perception that an attack is less likely to succeed is an example of: A. Resilience




Employee and contractor identification systems are part of which of the following measures? A. Planning and preparedness

Personnel protection

Perimeter security and control

Physical prevention

Delay refers to: A. The period between detection and assessment of the aggressor and the time at which the aggressor is able to damage the targeted asset.

The investigation and determination of the cause of an alarm before initiating an actual response.

The identification of an intrusion with electronic sensors, audio alarms, or a monitoring center.

The time period between an intruder penetrating the perimeter and being able to attack a critical asset.

Which of the following is an example of an operational measure? A. Requiring project personnel to carry identification cards

Collaborating with local law enforcement agencies

Keeping equipment de-energized except when in use

Installing motion sensors and closed-circuit televisions

There are four main steps in developing a protective program. Which of the steps is usually based on the value of the asset (to its owner and users) and the potential consequences of a successful attack? A. Design and implement protective measures

Determine level of protection

Determine potential threats to the facility

Identify constraints

Which of the following is an example of communication and technology measures? A. Using magnetometers and x-ray scanners for inspections

Using fragmentation-resistant and blast-resistant construction

Posting signs detailing where access is authorized and unauthorized

Establishing redundant systems and offsite backup data storage

Which of the following attack types is most likely to result in corrupted or stolen information? A. Cyber


Suicide bomber

Standoff weapons

TRUE OR FALSE: Facilities are more vulnerable when only a single individual possesses the critical skills needed for facility operation. A. True


A stand-off weapons attack is more likely to be: A. Carried out with a car or truck loaded with explosives and maneuvered into position near a target.

Employed if it is determined that the target’s physical security is too great to overcome via a direct attack.

Used in order to conduct surveillance and reconnaissance on a specific target.

Conducted to alter or steal critical information.

Increasing a facility’s ability to withstand damage by installing redundant control systems is an example of: A. Resilience