Exam 1 Questions and correct Answers (Verified
Answers) with Rationales 2025
1. What is the primary objective of risk management in a security program?
A. Eliminate all possible risks
B. Identify, assess, and mitigate risks to acceptable levels
C. Transfer all risks to third parties
D. Purchase insurance to cover potential losses
Rationale: Risk management seeks to identify, assess, and reduce risks to an
acceptable level, not necessarily eliminate them entirely.
2. Which of the following best describes the concept of Crime Prevention
Through Environmental Design (CPTED)?
A. Using surveillance cameras to catch criminals
B. Modifying the physical environment to reduce crime opportunities
C. Hiring more security personnel to patrol the premises
D. Conducting background checks on employees
Rationale: CPTED focuses on environmental design strategies like lighting,
landscaping, and building layout to discourage criminal behavior.
,3. A key principle of physical security is:
A. Minimize lighting to reduce energy costs
B. Provide open access to all visitors
C. Delay, deter, detect, and respond to threats
D. Eliminate human intervention from security processes
Rationale: Effective physical security relies on layers of protection to delay,
deter, detect, and respond to unauthorized access.
4. What is the PRIMARY role of a security survey?
A. Determine employee satisfaction
B. Identify vulnerabilities and recommend countermeasures
C. Reduce insurance premiums
D. Provide training materials
Rationale: A security survey is conducted to assess current conditions and
identify areas needing improvement to enhance protection.
5. Which access control model is based on security labels and clearances?
A. Discretionary Access Control (DAC)
B. Role-Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Attribute-Based Access Control (ABAC)
Rationale: MAC uses classifications (e.g., Top Secret, Confidential) and enforces
access based on policy, not user discretion.
, 6. The term “concentric layers of protection” refers to:
A. Having a single strong point of security
B. Multiple barriers or measures surrounding an asset
C. Security by obscurity
D. Securing only the outer perimeter
Rationale: Concentric protection uses multiple layers (e.g., fences, alarms,
guards) to delay and detect intrusions.
7. The BEST way to manage insider threats is to:
A. Trust employees completely
B. Implement a combination of technical controls and policies
C. Eliminate employee access to systems
D. Monitor social media
Rationale: Insider threat management requires policies, user activity
monitoring, and proper access control measures.
8. What is the most critical component in emergency planning?
A. Purchasing insurance
B. Reporting metrics to management
C. Protecting life and ensuring safety
D. Evacuating equipment