Examination Questions And Correct
Answers (Verified Answers) Plus
Rationales 2026 Q&A Instant Download
Question 1
Which of the following is the primary federal law in the United States that governs
the collection, use, and dissemination of consumer credit information, and has
significant implications for background screening in the private security sector?
A. Gramm-Leach-Bliley Act
B. Health Insurance Portability and Accountability Act
C. Fair Credit Reporting Act
D. Privacy Act of 1974
Answer: C – Fair Credit Reporting Act. The Fair Credit Reporting Act (FCRA) is the
primary federal statute regulating consumer reporting agencies and the use of
consumer reports for employment purposes, including background checks. It
mandates disclosure, authorization, and adverse action procedures. The Gramm-
Leach-Bliley Act pertains to financial privacy, HIPAA to health information, and
the Privacy Act applies to federal agencies.
Question 2
In the context of a security risk assessment, which of the following best defines
"vulnerability"?
A. The probability that a threat will materialize
,B. A weakness in a system, process, or asset that can be exploited
C. The potential financial loss from a security incident
D. The likelihood of a natural disaster occurring
Answer: B – A weakness in a system, process, or asset that can be exploited.
Vulnerability is a flaw or gap that a threat can exploit to cause harm. Probability
of threat materialization is risk, financial loss is impact, and natural disaster
likelihood is a specific threat assessment.
Question 3
Which security design principle emphasizes that critical systems should have no
single point of failure?
A. Defense in depth
B. Least privilege
C. Redundancy
D. Separation of duties
Answer: C – Redundancy. Redundancy involves duplicating critical components
to eliminate single points of failure. Defense in depth uses multiple layers, least
privilege limits access, and separation of duties divides responsibilities to
prevent fraud.
Question 4
During an emergency evacuation, which of the following is the most critical action
for a security professional to take first?
A. Account for all personnel at the assembly point
B. Activate the building's fire alarm system
C. Notify local law enforcement
D. Initiate the incident command system
Answer: B – Activate the building's fire alarm system. The immediate first step in
an emergency evacuation is to notify all occupants to evacuate, typically via the
fire alarm. Accounting and notifications occur after evacuation begins.
,Question 5
Which of the following is a key component of a Business Continuity Plan (BCP)
that specifically addresses the restoration of IT systems and data?
A. Disaster Recovery Plan
B. Crisis Communication Plan
C. Occupant Emergency Plan
D. Continuity of Operations Plan
Answer: A – Disaster Recovery Plan. The Disaster Recovery Plan (DRP) focuses on
IT infrastructure, data backup, and system restoration. The BCP is broader; the
Occupant Emergency Plan covers life safety; COOP is for government agencies.
Question 6
Under the General Data Protection Regulation (GDPR), which legal basis for
processing personal data is most relevant for a private security firm conducting
employee background checks with the employee's explicit agreement?
A. Contractual necessity
B. Legal obligation
C. Consent
D. Legitimate interests
Answer: C – Consent. Consent requires a clear, affirmative act of agreement and
is the appropriate basis when processing is not strictly necessary for contract,
law, or a competing legitimate interest. Background checks often rely on explicit
consent.
Question 7
What is the primary purpose of a security post order?
A. To outline the chain of command for disciplinary actions
B. To provide specific, site- and post-specific instructions for security officers
, C. To serve as a public relations document for visitors
D. To list all emergency telephone numbers for the facility
Answer: B – To provide specific, site- and post-specific instructions for security
officers. Post orders are the operational bible for a given post, detailing duties,
patrol patterns, access control procedures, and emergency response protocols
specific to that location.
Question 8
Which type of barrier is most effective at delaying a vehicle-borne improvised
explosive device (VBIED) while allowing pedestrian access?
A. Jersey barriers
B. Bollards with retractable pins
C. Chain-link fence with razor wire
D. Pop-up wedge barriers
Answer: B – Bollards with retractable pins. Retractable bollards can be lowered
for vehicles but left raised to stop them, while allowing pedestrians to pass
between them. Jersey barriers are continuous, wedge barriers stop vehicles but
not pedestrian-friendly, and chain-link is not anti-ram.
Question 9
In the context of physical security, what is the "protection-in-depth" strategy?
A. Using the most expensive security equipment available
B. Implementing multiple overlapping security measures
C. Placing all security resources at the perimeter
D. Focusing only on internal threats
Answer: B – Implementing multiple overlapping security measures. Protection-
in-depth (defense in depth) layers security controls so that if one fails, others
compensate. This includes deterrence, detection, delay, and response across
perimeter, interior, and assets.