Which of the following questions is LESS likely to help in assessing physical access controls?
A. Does management regularly review the list of persons with physical access to sensitive facilities?
B. Is the operating system configured to prevent circumvention of the security software and application controls?
C. Are keys or other access devices needed to enter the computer room and media library?
D. Are visitors to sensitive areas signed in and escorted?
Explanation:
Configuring an operating system to prevent circumvention of the security software and application controls is an
example of configuring technical controls, not physical controls.
Controls are put into place to reduce the risk an organization faces, and they come in three main flavors:
administrative, technical, and physical. Administrative controls are commonly referred to as “soft controls”
because they are more management-oriented. Examples of administrative controls are security documentation,
risk management, personnel security, and training. Technical controls (also called logical controls) are software
or hardware components, such as firewalls, IDS, encryption, and identification and authentication mechanisms.
Physical controls are items put into place to protect facilities, personnel, and resources. Examples of physical
controls are security guards, locks, fencing, and lighting.
Incorrect Answers:
A: Physical access to facilities is a physical control. Asking about regular reviews of the list of persons with
physical access to sensitive facilities will help in assessing physical access controls. Therefore, this answer is
incorrect.
C: Keys and access devices are examples of physical controls. Asking if they are required to enter the
computer room and media library will help in assessing physical access controls. Therefore, this answer is
incorrect.
D: Escorting a visitor is an example of a physical control. Asking if this is required to enter sensitive areas will
help in assessing physical access controls. Therefore, this answer is incorrect.
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 28