Which of the following questions is less likely to help in assessing physical and environmental protection?

A.
Are entry codes changed periodically?

B.
Are appropriate fire suppression and prevention devices installed and working?

C.
Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or
electronic information?

D.
Is physical access to data transmission lines controlled?

Explanation:
Processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic
information are technical controls, not physical controls.
Controls are put into place to reduce the risk an organization faces, and they come in three main flavors:
administrative, technical, and physical. Administrative controls are commonly referred to as “soft controls”
because they are more management-oriented. Examples of administrative controls are security documentation,
risk management, personnel security, and training. Technical controls (also called logical controls) are software
or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And
physical controls are items put into place to protect facility, personnel, and resources. Examples of physical
controls are security guards, locks, fencing, and lighting.
Incorrect Answers:
A: Locks and access control systems are examples of physical controls. Asking about the entry codes of an
access control system will help in assessing physical and environmental protection. Therefore, this answer is
incorrect.
B: Fire suppression and prevention devices are examples of physical controls. Asking if they are installed and
working will help in assessing physical and environmental protection. Therefore, this answer is incorrect.
D: Physical access to data transmission lines is an example of physical control. Asking if this is physical access
is controlled will help in assessing physical and environmental protection. Therefore, this answer is incorrect.References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 28