CCNA Physical Security Controls Questions

30 questions · Physical Security Controls · All types, answers revealed

1
MCQeasy

A customer reports that their laptop was stolen from their desk over the weekend. The laptop contained sensitive client data. Which physical security control should have been implemented to prevent this theft?

A.Biometric authentication
B.Cable lock
C.Full disk encryption
D.Smart card reader
AnswerB

A cable lock physically secures the laptop to a desk, making theft much more difficult and time-consuming.

Why this answer

Cable locks are a simple and effective physical security control to prevent laptop theft by securing the device to a desk or fixed object. This scenario tests the understanding of basic physical deterrents against opportunistic theft in an office environment.

2
MCQhard

An organization experiences a data breach when an attacker physically removes hard drives from a decommissioned server that was placed in a storage area without being properly sanitized. What physical security control should have been implemented?

A.Install a surveillance camera in the storage area.
B.Require a smart card to access the storage area.
C.Use a degausser to erase the hard drives before disposal.
D.Apply tamper-evident seals to the server chassis.
AnswerC

Degaussing renders the data unrecoverable, eliminating the risk even if drives are stolen.

Why this answer

Proper disposal procedures, such as degaussing or physical destruction, ensure that data on decommissioned drives cannot be recovered. This scenario tests understanding of the full lifecycle of physical media security.

3
MCQeasy

During a security audit, you find that a company's server room door is propped open with a trash can to allow airflow. What is the most immediate physical security risk in this scenario?

A.Increased dust entering the server room
B.Fire suppression system may not work
C.Unauthorized personnel can enter the server room
D.The door closer will wear out faster
AnswerC

An unsecured door allows anyone to walk in, defeating the purpose of access controls and posing a serious security threat.

Why this answer

Propping open a secured door completely bypasses the access control system, allowing unauthorized individuals to enter the server room undetected. This highlights the importance of maintaining door closure mechanisms to ensure physical security.

4
MCQhard

A small business wants to secure its network switch located in a shared office area. The switch has no built-in lock. Which combination of physical controls provides the best protection against unauthorized tampering?

A.Place the switch in a lockable cabinet and enable MAC address filtering.
B.Use a cable lock to secure the switch to the desk.
C.Install a privacy filter on the switch's LED display.
D.Apply tamper-evident tape over the switch's vents.
AnswerA

The cabinet prevents physical access, and MAC filtering restricts which devices can connect logically.

Why this answer

A lockable cabinet prevents physical access to the switch, and port security prevents unauthorized devices from connecting to the network. This question tests layered physical and logical security for network infrastructure.

5
MCQmedium

A company is deploying new laptops to remote workers. They need to ensure that if a laptop is stolen, the data on it cannot be accessed. Which two physical security controls should be configured before shipment?

A.Cable lock and privacy filter.
B.Full-disk encryption and a BIOS/UEFI password.
C.Smart card reader and biometric scanner.
D.Asset tracking tag and a Kensington lock slot.
AnswerB

Encryption secures data, and a BIOS password prevents booting from unauthorized media or changing settings.

Why this answer

Full-disk encryption protects data at rest, and a BIOS/UEFI password prevents unauthorized booting or tampering with boot settings. This question tests the combination of controls needed for remote device security.

6
MCQhard

A company experiences a data breach after an attacker physically removes a hard drive from an unsecured workstation. The workstation was in a public area. Which combination of physical and logical controls would have best prevented this?

A.Cable lock and BIOS password
B.Cable lock and full-disk encryption
C.Security camera and Windows password
D.Proximity card reader and screen lock
AnswerB

The cable lock deters theft; full-disk encryption ensures data is unreadable if the drive is stolen.

Why this answer

Preventing physical theft requires both a physical lock (cable lock) to secure the device and full-disk encryption (like BitLocker) to protect data if the drive is removed. This is a layered approach.

7
MCQeasy

A small business wants to prevent unauthorized individuals from following employees through a secure entrance after badge access is granted. Which physical security control is specifically designed to address this threat?

A.Install a biometric fingerprint scanner
B.Use a proximity card reader
C.Deploy a mantrap
D.Add a security guard
AnswerC

A mantrap physically isolates each person, ensuring only one authenticated individual passes through at a time.

Why this answer

Tailgating occurs when someone slips in behind an authorized user. A mantrap is a small room with two interlocking doors that only allows one person to pass at a time, effectively preventing tailgating.

8
MCQmedium

A user complains that their computer is running slowly and they see a USB drive they don't recognize plugged into the front port. What is the first step a technician should take to address this potential security issue?

A.Run a full antivirus scan on the computer.
B.Check the USB drive's contents to see what it contains.
C.Ask the user to unplug the USB drive immediately.
D.Disable the USB ports in the BIOS.
AnswerC

Removing the device stops any ongoing malicious activity and is the first step in containment.

Why this answer

Immediately removing an unknown USB device is crucial to prevent potential malware infections or data theft. This scenario tests incident response procedures for physical media threats.

9
MCQmedium

A company's server room has a door with a proximity card reader. Employees report that the door sometimes does not close fully, allowing it to be pushed open without a card. What is the best solution?

A.Replace the proximity card reader with a biometric reader
B.Install a door closer mechanism
C.Add a security camera to monitor the door
D.Increase the frequency of badge audits
AnswerB

A door closer automatically pulls the door shut and ensures it latches, preventing unauthorized entry through an unsecured door.

Why this answer

A door closer ensures the door automatically shuts and latches after each use, preventing it from being left ajar. This addresses the root cause of the security gap by maintaining the integrity of the access control system.

10
MCQhard

During a routine security walkthrough, you notice that an employee has propped open a secured door to the server room with a doorstop to allow easy access for a cleaning crew. What is the most immediate action you should take?

A.Remove the doorstop and close the door.
B.Document the incident and report it to the security manager.
C.Reprimand the employee who propped the door.
D.Install a door alarm that sounds if the door is open too long.
AnswerA

This immediately restores the physical security of the server room.

Why this answer

Propping open a secured door bypasses all physical access controls, creating an immediate security risk. The first step is to close the door to restore security, then address the policy violation.

11
MCQmedium

During a security incident investigation, you discover that an attacker gained physical access to a network closet by using a cloned RFID badge. Which control would have most effectively prevented this type of attack?

A.Install a CCTV camera in the closet
B.Use a biometric reader instead of RFID
C.Add a door sensor alarm
D.Require a second factor like a PIN
AnswerB

Biometrics cannot be cloned like an RFID badge, as they rely on unique physical characteristics.

Why this answer

Cloning an RFID badge exploits the lack of mutual authentication. Smart cards with cryptographic chips are much harder to clone because they require a private key stored on the card that cannot be easily extracted.

12
MCQmedium

A helpdesk technician receives a call from an employee who says their smart card stopped working for building access. The employee is in a hurry and asks the technician to remotely disable the card and issue a temporary PIN for the day. What should the technician do first?

A.Disable the smart card and provide a temporary PIN as requested.
B.Ask the employee to visit the security office in person with a photo ID.
C.Reset the smart card remotely and test it with a badge reader.
D.Send a temporary PIN via email to the employee's company address.
AnswerB

In-person verification with a photo ID ensures the request is legitimate before making changes.

Why this answer

Verifying the caller's identity before making any access changes is a critical security practice to prevent social engineering attacks. This scenario tests the balance between customer service and security protocol.

13
MCQeasy

A customer reports that their laptop was stolen from a locked office over the weekend. The office door uses a standard key lock, and the laptop was not physically secured. Which physical security control would have most likely prevented this theft?

A.Use a smart card reader on the door
B.Install a security camera in the hallway
C.Attach a cable lock to the laptop
D.Enable BitLocker on the laptop
AnswerC

A cable lock anchors the laptop to a fixed object, making theft much harder and time-consuming.

Why this answer

This question tests knowledge of physical security controls that deter theft. A cable lock physically attaches the laptop to a desk, making it difficult to remove quickly. Key locks on doors alone are insufficient if someone gains access; cable locks provide a secondary layer of defense.

14
MCQhard

During a security audit, you find that a server room door has a standard key lock, but the key is kept in an unlocked drawer nearby. Which physical security principle is being violated?

A.Least privilege
B.Defense in depth
C.Separation of duties
D.Change management
AnswerB

Defense in depth means using multiple layers of security; storing the key insecurely removes the protection of the lock.

Why this answer

The principle of defense in depth requires multiple layers of security. Storing the key in an unlocked drawer negates the door lock, creating a single point of failure. Proper key management is essential.

15
MCQmedium

A retail store wants to protect its point-of-sale (POS) terminals from unauthorized physical access during off-hours. The terminals are in an open area with no lockable cabinets. Which control should be prioritized?

A.Install a privacy screen on each POS terminal.
B.Use tamper-evident seals on the terminal casings.
C.Require a smart card to power on the terminal.
D.Enable a screensaver with a password.
AnswerB

Seals show if the terminal has been opened, alerting staff to potential tampering.

Why this answer

Tamper-evident seals provide a visible indicator if a device has been opened, deterring unauthorized physical access to internal components. This question tests understanding of physical security for unattended devices.

16
MCQhard

A company is designing a secure entry for a high-security lab. They need to ensure that only one person can enter at a time and that the person must be authenticated before the second door opens. Which physical security control should be used?

A.Turnstile with biometric reader
B.Security guard with logbook
C.Mantrap with smart card and biometric authentication
D.Cipher lock with door alarm
AnswerC

A mantrap uses two doors; the first door locks after entry, and the second door only unlocks after successful authentication, ensuring single-person access.

Why this answer

A mantrap with two interlocking doors and authentication requirements ensures one-person-at-a-time entry, preventing tailgating and piggybacking. This is the gold standard for high-security areas requiring strict access control.

17
MCQeasy

During a routine security audit, you find that an employee has taped their door lock open to avoid using their badge every time they leave for a break. What is the most immediate security concern with this practice?

A.The employee might lose their badge
B.It violates company badge policy
C.Unauthorized persons can enter without credentials
D.The door lock may break from being forced open
AnswerC

Propping a door open eliminates the need for authentication, creating a direct security breach.

Why this answer

Propping a door open bypasses access control systems, allowing unauthorized individuals to enter without credentials. This is a common physical security violation that undermines the entire access control mechanism.

18
MCQmedium

A technician is tasked with securing a shared office printer that stores sensitive documents on its hard drive. The printer is in an open area. Which physical security measure should be prioritized to protect the data on the printer?

A.Enable secure print release with a PIN
B.Encrypt the printer's hard drive
C.Place the printer in a locked room
D.Use a cable lock on the printer
AnswerC

Physical access control prevents unauthorized individuals from tampering with or stealing the printer's hard drive.

Why this answer

Printers with hard drives can retain copies of printed documents. Physically securing the printer in a locked room or cabinet prevents unauthorized persons from removing the drive or accessing the device directly.

19
MCQmedium

A technician is configuring a new server rack in a shared office space. Which physical security measure should be applied to prevent unauthorized physical access to the servers?

A.Install a door alarm on the office entrance
B.Use rack-mount locks on each server chassis
C.Enable BitLocker on all server drives
D.Configure a strong BIOS password
AnswerB

Rack-mount locks physically prevent the server from being slid out or tampered with, directly securing the hardware.

Why this answer

Rack-mount locks secure the server chassis within the rack, preventing unauthorized removal or tampering with individual servers. This is a standard physical control for multi-tenant or shared spaces where racks are accessible.

20
MCQmedium

During a security audit, you discover that a supply closet containing spare hard drives has a door that can be opened with a standard paperclip. What is the most appropriate recommendation to address this vulnerability?

A.Replace the door with a solid-core door and install a deadbolt.
B.Install a privacy filter on the closet door window.
C.Upgrade the lock to a tamper-resistant electronic lock.
D.Place a sign on the door warning of security cameras.
AnswerC

An electronic lock with a secure mechanism prevents bypass with simple tools like a paperclip.

Why this answer

A privacy filter prevents shoulder surfing by limiting the viewing angle of a monitor, protecting sensitive data from being seen by unauthorized individuals. This scenario tests knowledge of visual data protection controls.

21
MCQhard

A technician is deploying laptops for a sales team that works remotely from coffee shops and client sites. The laptops contain sensitive customer data. Which physical security control is most practical for these mobile devices?

A.Install a laptop tracking software
B.Use a biometric fingerprint reader on the laptop
C.Require a smart card for login
D.Attach a cable lock to the laptop
AnswerD

A cable lock physically anchors the laptop to a table or desk, making it difficult to steal, which is the most practical physical control for mobile devices.

Why this answer

For mobile devices, a Kensington lock (cable lock) is a standard, lightweight physical security measure that can be used in various locations to tether the laptop to a fixed object, deterring opportunistic theft.

22
MCQmedium

A technician is troubleshooting why a smart card reader at a secure entrance fails intermittently. Users can sometimes enter, but other times the reader does not respond. What should the technician check first?

A.Update the smart card reader firmware
B.Replace the smart cards for all users
C.Check the cabling and connections to the reader
D.Reconfigure the access control software
AnswerC

Intermittent connectivity often points to loose or damaged cables; verifying physical connections is a quick and effective first step.

Why this answer

Loose or damaged cabling is a common cause of intermittent failures in physical access control systems. Checking the physical connection is a logical first step before moving to software or configuration issues.

23
MCQeasy

A small office wants to restrict access to the server room to only authorized IT staff. They need a solution that does not require keys or cards that can be lost. Which physical security control should they implement?

A.Keyed lock
B.Proximity card reader
C.Biometric lock
D.Cipher lock
AnswerC

Biometric locks use fingerprints or other unique traits, so no keys or cards are needed, meeting the requirement perfectly.

Why this answer

Biometric locks use unique physical characteristics like fingerprints, eliminating the need for keys or cards that can be lost or stolen. This question tests knowledge of access control methods that combine security with convenience.

24
MCQeasy

A user reports that their laptop was stolen from their desk overnight. The security team reviews badge logs and finds no after-hours access to the floor. What physical security control should be implemented to prevent this from recurring?

A.Install a biometric fingerprint reader on the laptop.
B.Require a smart card to log in to the laptop.
C.Use a cable lock to secure the laptop to the desk.
D.Enable full-disk encryption on the laptop.
AnswerC

A cable lock physically attaches the laptop to a stationary object, deterring theft.

Why this answer

Cable locks are simple, effective physical security controls that deter theft by anchoring portable devices to a fixed object. This scenario tests the understanding of basic physical security measures for endpoint devices.

25
MCQeasy

A company is implementing a new policy to prevent tailgating at the main entrance. Which physical security control should they deploy?

A.Security cameras
B.Biometric reader
C.Mantrap
D.Badge reader
AnswerC

A mantrap creates a small vestibule with two doors, allowing only one person to pass after authentication, directly preventing tailgating.

Why this answer

A mantrap uses two interlocking doors to ensure only one person can enter at a time, effectively preventing tailgating. This tests understanding of specialized access controls designed to enforce one-person-per-authentication.

26
MCQeasy

A company wants to secure its server room door so that only authorized personnel can enter. They need a system that can be quickly revoked if an employee leaves and that logs entry attempts. Which physical security control best meets these requirements?

A.A combination lock with a shared code.
B.A biometric fingerprint scanner.
C.An electronic key card system.
D.A physical key and lock system.
AnswerC

Key cards can be individually deactivated and generate logs of each entry attempt.

Why this answer

Electronic key card systems provide both access control and audit trails, making them ideal for environments where access needs to be centrally managed and logged. This question tests the ability to match a security requirement to the appropriate control.

27
MCQhard

A data center manager wants to implement a physical security control that can detect if a server chassis has been opened without authorization. Which control should they use?

A.Intrusion detection system (IDS) on the network
B.Chassis intrusion switch
C.Tamper-evident seals
D.Video surveillance
AnswerC

Tamper-evident seals are placed over chassis screws or seams; any attempt to open the case will break or distort the seal, providing clear evidence of tampering.

Why this answer

Tamper-evident seals show visible signs of removal or tampering, indicating unauthorized access to the server chassis. This is a passive but effective control for detecting physical breaches after they occur.

28
MCQmedium

A technician is configuring a new server room and needs to ensure that only authorized personnel can physically access it. The company wants a solution that does not require replacement of keys or cards if one is lost. Which access control method best meets this requirement?

A.Use a combination lock
B.Implement a biometric fingerprint reader
C.Install a smart card system
D.Use a keypad with a PIN code
AnswerB

Biometrics are tied to the individual and cannot be lost, so no reissuance is needed if a card is lost.

Why this answer

Biometric systems use unique physical traits (fingerprint, retina) that cannot be lost or easily duplicated. This eliminates the need to reissue credentials if a card or key is lost, though biometrics have their own management challenges.

29
MCQmedium

A school district is deploying laptops to students and wants to deter theft while keeping devices usable. Which physical security control should they implement on the laptops?

A.Install a cable lock on each laptop
B.Use a laptop safe
C.Apply asset tracking tags
D.Enable a BIOS password
AnswerC

Asset tags (e.g., RFID or barcode) help track and recover stolen laptops without hindering normal use.

Why this answer

Asset tracking tags allow the school to identify and recover stolen devices, acting as a deterrent and aiding in recovery. This balances security with usability, as the laptops remain fully functional for students.

30
MCQmedium

A company is moving to a new office and wants to secure its server room against both unauthorized entry and environmental hazards. Which combination of physical controls should be implemented?

A.A key lock and a fire extinguisher
B.An electronic badge reader and a temperature sensor
C.A biometric scanner and a security camera
D.A combination lock and a humidity monitor
AnswerB

The badge reader controls and logs access; the temperature sensor monitors environmental conditions to prevent overheating.

Why this answer

Physical security for server rooms should include access control (e.g., electronic lock) and environmental monitoring (e.g., temperature/humidity sensors) to protect equipment. This addresses both security and operational continuity.

Ready to test yourself?

Try a timed practice session using only Physical Security Controls questions.