Читаем CISSP Practice полностью

90. a. Both stationary and revolving doors are used in mantraps and turnstiles. Unauthorized individuals entering a data center cannot get out of a mantrap because it is so restrictive in terms of movement. Turnstiles also restrict the movement of an unauthorized individual. Both of these controls are part of the physical security controls within a data center requiring high-level security.

91. Any security measure must be cost-beneficial. Uninterruptible power supply (UPS) systems address electric power failures. Which one of the following cost factors is of least concern to the installation of a UPS system?

a. Size of the gas fuel supply

b. Size of the electric load it can support

c. Number of minutes it can support the load

d. Speed with which it assumes the load when the primary source fails

91. a. A number of security measures are available to address electric power failures differing in both cost and performance. For example, the cost of a UPS depends on the size of the electric load it can support, the number of minutes it can support the load, and the speed with which it assumes the load when the primary power source fails. An onsite power generator can also be installed either in lieu of a UPS or to provide long-term backup to a UPS system. The size of the gas fuel supply is a design decision along with the magnitude of the load the generator will support and the facilities to switch the load from the primary source or the UPS to the on-site generator.

92. What instrument measures atmospheric humidity in a computer room?

a. Hygrometer

b. Hydrometer

c. Barometer

d. Voltmeter

92. a. A hygrometer is an instrument that measures atmospheric humidity. A hydrometer is an instrument used to determine the specific gravity that sinks in a fluid to a depth used as a measure of the fluid’s specific gravity. A barometer is an instrument for measuring atmospheric pressure, used in weather forecasting and in determining elevation. A voltmeter is an instrument for measuring electrical voltage.

93. Which of the following is not appropriate to provide adequate complementary physical access controls?

a. ID badge card

b. Password

c. Magnetic stripe card

d. Visitor log

93. b. Passwords provide logical access controls, not physical access controls. The other three choices are examples of complementary physical access controls. Each control enhances the other. A function or an area doesn’t need to be weak to use complementary controls. Complementary controls can magnify the effectiveness of two or more controls when applied to a function, program, or operation. Identification (ID) badge cards, magnetic stripe cards, and visitor logs have a synergistic effect in providing a strong physical access control.

94. Which of the following is not appropriate to ensure continuity of electric power supply?

a. Disk mirroring

b. Power line conditioners

c. Uninterruptible power supply equipment

d. Backup generators

94. a. Disk mirroring is not appropriate to ensure the continuity of the electric power supply because it prevents data loss. It is a fault-tolerant mechanism because it copies and stores data in two places (disks). The other three choices are incorrect because they are needed to provide continuity of the electric power supply. Power line conditioners smooth out power fluctuations. Uninterruptible power supply (UPS) equipment provides relief from short power outages. Backup generators support relief from long power outages.

95. Which of the following is not a benefit of automated environmental controls over manual monitoring?

a. System probes to perform diagnosis and analysis

b. Orderly shutdown of the host system

c. Slow recovery

d. Problem recording and notification

95. c. The automation of monitoring and controlling the environmental system can help minimize the damage and speed up the recovery process. The major objective is to reduce the effect of a disaster resulting from malfunctioning of the environmental control system. Manual monitoring can be time consuming, error prone, and unreliable because it requires constant attention.

96. Which of the following controls is not appropriate to prevent unauthorized people from entering a computer center?

a. Double-locked doors

b. CCTV monitors

c. Terminal IDs

d. Picture ID badges