07 Resilience & Physical Security
Mini Quiz Answers

Question 1: During an annual compliance audit, a security manager discovers several laptops that were purchased last year but never documented, making them untraceable. Which foundational security process was inadequately implemented?

  • A. Configuration management. This refers to maintaining secure baselines and preventing configuration drift in systems, not the initial tracking of physical hardware assets and inventory.
  • B. Change management. This is the process of controlling modifications to systems and services to minimize disruption, not the fundamental inventory tracking of physical devices.
  • C. Asset tracking and inventory management. This is the correct process of maintaining accurate records of hardware assets (barcodes, RFID, asset tags) to ensure all devices are known, tracked, and can be properly secured; the failure to document purchased laptops indicates a breakdown in this foundational process.
  • D. Data classification. This involves categorizing data based on sensitivity levels, not tracking the physical hardware devices that store or process that data.

Question 2: A company performs full backups every Sunday night. On Wednesday, the administrator needs to perform a backup that captures all data changed since the last full backup, rather than just changes since Tuesday night's backup, to balance storage space with faster restoration time if needed later in the week. Which backup type meets this requirement?

  • A. Full backup. This copies all data regardless of previous backups, which would consume excessive storage space and time when performed mid-week after a Sunday full backup.
  • B. Incremental backup. This captures only changes since the last backup of any kind (whether full or incremental), meaning Wednesday's backup would only capture changes since Tuesday, not meeting the requirement to capture all changes since Sunday.
  • C. Differential backup. This correctly captures all changes made since the last FULL backup (Sunday), providing faster restoration than incremental chains while using less storage than full backups, meeting the described requirement for balancing storage with restoration speed.
  • D. Snapshot. This is a point-in-time copy of a VM or disk state, not a backup type that tracks changes since a specific previous backup in the manner described.

Question 3: A financial trading firm requires a disaster recovery solution that provides an exact live mirror of their primary data center, allowing for immediate automatic failover with zero data loss and minimal downtime, regardless of the higher operational costs. Which type of site redundancy should they implement?

  • A. Cold site. This is an empty facility with no equipment, requiring days or weeks to activate, which cannot provide immediate failover or zero data loss.
  • B. Warm site. This contains partial equipment and data requiring hours to activate, which does not meet the requirement for immediate automatic failover.
  • C. Hot site. This is an exact live mirror of the primary data center with real-time data replication, providing immediate automatic failover with zero data loss (zero RPO) and minimal downtime, matching the financial trading firm's requirements regardless of cost.
  • D. Mobile site. This is a transportable recovery unit brought to a disaster location, not a permanent mirrored facility for immediate failover.

Question 4: A database administrator configures a cluster where all nodes simultaneously process user requests and share the workload, providing fault tolerance without having idle standby capacity waiting for a failure to occur. Which clustering configuration is this?

  • A. Active/Passive clustering. This configuration has standby nodes that remain idle until a failure occurs, wasting capacity and not utilizing all nodes simultaneously for workload processing.
  • B. Active/Active clustering. This configuration has all nodes simultaneously processing user requests and sharing workload, providing fault tolerance without idle standby capacity, exactly as described.
  • C. Warm standby cluster. This implies a secondary system that is powered on but not actively processing production traffic, which contradicts the requirement for simultaneous processing.
  • D. Cold standby cluster. This implies a secondary system that is offline or unpowered until needed, which does not provide simultaneous processing or immediate failover.

Question 5: During a brief utility power outage, a data center needs temporary battery power to allow servers to execute a graceful shutdown and prevent data corruption, but does not need to maintain operations for an extended period. Which power infrastructure component serves this specific function?

  • A. Diesel generator. This provides long-term power for extended outages but requires time to start and cannot provide the immediate battery power needed for graceful shutdown during brief outages.
  • B. UPS (Uninterruptible Power Supply). This provides immediate battery backup power to allow servers to execute graceful shutdowns during brief outages, exactly matching the requirement for temporary power without extended operation.
  • C. PDU (Power Distribution Unit). This distributes power to rack-mounted equipment but provides no battery backup or power conditioning during outages.
  • D. VPN (Virtual Private Network). This is a network security technology for remote access, not a power infrastructure component.

Question 6: A corporate headquarters located on a busy urban street is concerned about the risk of vehicle-ramming attacks targeting the main entrance and the data center's loading dock. Which physical security control is best to implement?

  • A. Fencing. This creates a perimeter barrier to control access but does not stop vehicle-ramming attacks at entry points.
  • B. Bollards. These are short, reinforced vertical posts specifically designed to stop vehicle-ramming attacks while allowing pedestrian flow, exactly matching the requirement to protect entrances and loading docks.
  • C. Mantrap. This is an access control system with interlocking doors for pedestrian anti-tailgating, not vehicle barriers.
  • D. Lighting. This provides deterrence and visibility for surveillance but offers no physical barrier against vehicle attacks.

Question 7: A security team places a decoy file named "Executive_Salaries_2026.xlsx" on a file server containing fake data, and creates embedded alerts to detect if an unauthorized user is browsing through sensitive directories. Which technology is being used?

  • A. Honeypot. This is a single fake system designed to lure attackers for analysis, not a specific file placed among real data.
  • B. Honeynet. This is an entire fake network infrastructure for advanced attack analysis, not a single decoy file.
  • C. Honeyfile. This is a specific decoy file (like "Executive_Salaries_2026.xlsx") containing fake data with embedded alerts to detect unauthorized access when opened, exactly as described.
  • D. Fake telemetry injection. This involves feeding false data into logs or monitoring systems to confuse attackers, not placing a specific bait file on a file server.

Question 8: An organization is decommissioning legacy magnetic tape backups and traditional hard drives. To render the data unrecoverable while recycling the physical media rather than shredding it, they expose the devices to a powerful magnetic field that disrupts the magnetic domains. Which data disposal method is described?

  • A. Pulverizing. This physically destroys media by crushing it into small particles, which does not allow for recycling of the physical media.
  • B. Degaussing. This exposes magnetic storage media (tapes and hard drives) to a powerful magnetic field that disrupts magnetic domains, rendering data unrecoverable while potentially allowing the physical media to be recycled.
  • C. Crypto-shredding. This destroys encryption keys to render encrypted data unreadable, which is a logical destruction method for cloud storage, not a physical magnetic process for tapes and drives.
  • D. Drilling. This physically destroys drives by drilling holes through platters, which damages the media and prevents recycling.

Question 9: A high-security facility installs an entrance system consisting of two interlocking doors with an enclosed space between them; the second door cannot open until the first door closes and the person is authenticated, preventing an unauthorized person from following an authorized employee inside. Which physical access control is this?

  • A. Turnstile. This controls pedestrian flow through rotating barriers but does not provide the enclosed authentication space with interlocking doors described.
  • B. Access control vestibule (Mantrap). This consists of two interlocking doors with an enclosed space between them, where the second door cannot open until the first closes and authentication is verified, preventing tailgating exactly as described.
  • C. Access badge reader. This is merely a component for credential verification, not the complete interlocking door system.
  • D. Bollard. These are vehicle barriers, not pedestrian access control systems with doors.

Question 10: An organization contracts a security firm to evaluate their application security posture. The testing team is provided with complete application source code, internal network architecture diagrams, and administrative-level credentials to thoroughly examine specific security controls and logic flaws without expending effort on initial reconnaissance or access acquisition. Which penetration testing methodology is being described?

  • A. Unknown environment testing (Black box). This provides the testing team with zero prior knowledge, requiring them to perform reconnaissance and access acquisition from scratch, contrary to the full disclosure described.
  • B. Partially known environment testing (Grey box). This provides limited knowledge (such as user-level credentials or partial architecture details), but not the complete source code and administrative credentials described.
  • C. Known environment testing (White box/Crystal box). This provides the testing team with complete application source code, internal architecture diagrams, and administrative credentials for thorough examination without reconnaissance effort, exactly as described.
  • D. Adversarial simulation (Red team). This simulates real-world attack scenarios, typically with limited knowledge, to test detection and response; it is not a comprehensive examination with full documentation and credentials.