ASIS ASIS-PSP Dumps

A bidder instruction document typically requests verification of a contractor ' s relevant experience and professional licenses. This ensures the vendor is qualified and legally authorized to perform the work.

A, C, and D include valid components but do not reflect the standard combination used for qualification.

Floodlights are wide-beam lighting devices used to extend horizontal illumination across large areas, particularly along perimeter barriers. Their design makes them effective in lighting long stretches of fencing or property lines to deter and detect intruders. Unlike spotlights or search lights, floodlights disperse light broadly and evenly, reducing shadows and blind spots.

" Search lights " produce narrow beams for focused scanning.

" Perimeter lighting " is a general concept, not a specific lighting unit.

" Fresnel lenses " are components used in optics and are not lighting units.

When a contractor must perform work beyond the original scope of the contract, they submit a change-order request. This formal document details the additional work, associated costs, and justification, and requires approval from the project manager before proceeding.

A (Schedule-of-values request) is related to progress payments.

C (Scope change request) is typically initiated by the client.

D (Justification for change) might support a change-order, but it is not a formal request document.

Asset value in risk management is determined by considering criticality, ease of replacement, and some measure of value. Criticality refers to how important the asset is to organizational operations, including its impact on productivity, safety, and continuity. Ease of replacement evaluates how quickly and easily the asset can be restored or substituted if lost. The measure of value includes financial worth as well as operational or strategic importance. In Human Resource and organizational contexts, this is especially relevant when assessing both physical assets and human capital, as employee roles and skills may be difficult to replace and highly critical to operations. Original cost alone does not reflect true importance, making it less useful. Therefore, option D is correct because it includes the most relevant and comprehensive factors for determining asset value.

In biometric systems:

False Acceptance Rate (FAR) represents unauthorized access.

False Rejection Rate (FRR) represents inconvenience to legitimate users.

From a security perspective, a low FAR is more critical because it ensures that unauthorized individuals are not granted access. A higher FRR can be tolerated in high-security environments, as it affects convenience rather than security.

A (low/low) is ideal but harder to achieve.

C and D (high FAR) compromise security.

The best way to express the impact of a risk in business terms is through monetary value. This allows decision-makers to understand the financial consequences of threats and justify investments in controls or mitigation strategies. Assigning a dollar value helps in prioritizing risks and performing cost-benefit analyses.

B (Cost-benefit ratio) is used in analysis, not direct impact expression.

C (Downtime estimate) is useful, but only a part of financial impact.

D (Frequency graph) represents likelihood, not impact.

Risk transfer refers to shifting the financial burden of potential losses from an organization to a third party, typically through insurance. By paying a premium, the company secures coverage that will compensate for specific losses, thereby reducing its own financial exposure.

References from PSP: ASIS POA – Risk Management and Insurance Strategies; PSP Study Manual – Financial Risk Treatment Options

Although CPTED focuses heavily on natural surveillance, incorporating mechanical or electronic means such as video cameras enhances visibility and monitoring. Surveillance deters criminal behavior and increases the chance of detection.

B (Brick wall) may obstruct visibility.

C (Planting trees) could obscure lines of sight.

D (Revolving doors) relate more to access control than CPTED surveillance goals.

Business continuity involves two core stages:

Business Recovery – restoring critical business functions quickly after a disruption.

Business Resumption – full restoration of all business operations to normal levels over the long term.

This sequence ensures operational stability in the short term and complete restoration in the long term.

A tort is a civil wrong for which a remedy may be obtained in the form of damages. It is based on the idea that individuals owe certain duties to others and can be held liable when they breach those duties, resulting in harm or injury.

Transitivity (A), Reassembly (C), and Procurement (D) are not related to civil legal liability.

Comprehensive Detailed Explanation:

Identity theft is the act of obtaining and using someone else ' s personal or financial information—such as social security numbers, bank details, or credit card information—without permission, often for committing fraud or other criminal activities.

Identity fraud (A) refers to the actual fraudulent acts committed after the identity is stolen.

Identity dissemination (C) and Identity distortion (D) are not standard legal or cybersecurity terms.

Remote access control using CCTV requires two-way communication to authenticate identity, provide instructions, and ensure that individuals requesting entry can be properly engaged. This supports access decisions made by personnel monitoring remotely.

A and D (monitoring and visual analysis) are important but secondary to communication.

C (constant camera display) is inefficient and not a requirement if smart alerting or switching is used.

An intangible asset is a non-physical resource that holds value for an organization, typically contributing to competitive advantage or operational capability. Examples include intellectual property, such as patents, trademarks, copyrights, and proprietary knowledge.

Land, buildings, and natural resources are tangible assets, meaning they have a physical form that can be seen and touched.

Intangible assets are critical in risk assessment because they often require specialized protection strategies, including legal safeguards, access control, and confidentiality measures.

ASIS PSP guidance highlights the need to recognize both tangible and intangible assets when conducting asset valuation and risk assessments, ensuring security measures are appropriately tailored to protect all forms of organizational value.

The correct answer is Capacitance.

Capacitive sensors detect changes in the electromagnetic field around a metallic object. When a metal container enters this field, it alters the capacitance, triggering an alarm or alert.

Photoelectric sensors rely on light interruption or reflection and are typically used for perimeter detection.

Sonic and ultrasonic sensors measure sound waves to detect motion or proximity but are not designed to sense metallic objects via electromagnetic fields.

Capacitive sensing is widely used in security for protecting safes, metal cabinets, and secured storage containers because it provides reliable detection of tampering or unauthorized entry into a defined magnetic field, consistent with ASIS PSP guidance on electronic intrusion detection.

The correct answer is A. Humans.

In the ASIS PSP Body of Knowledge, asset identification is part of Domain One: Physical Security Assessment, where the security professional must identify assets to determine their value, criticality, and loss impact. The PSP Body of Knowledge specifically includes knowledge of the nature and types of assets, including tangible and intangible assets.

A tangible asset is an asset that has a physical form or physical presence. Humans/people are tangible because they physically exist and can be directly protected through physical security measures such as access control, emergency response, life safety systems, barriers, screening, and security staffing.

The other choices are not the best examples of tangible assets:

B. Information is generally treated as an intangible asset, although it may be stored on physical media.

C. Reputation is an intangible organizational asset.

D. Trademarks are intellectual property and are intangible assets.

ASIS also describes the PSP credential as related to protecting an organization’s assets, including people, property, and information, which supports the classification of people/humans as a core asset in physical security.

Therefore, the correct answer is A. Humans.

Among the listed options, asphalt has the lowest reflectance. CCTV performance depends on lighting and surface reflectivity.

Snow (A) has very high reflectance, sometimes exceeding 80%.

Sandy soil (B) and red bricks (D) reflect more light than asphalt.

Asphalt, being dark and non-reflective, absorbs more light, making it harder for cameras to capture detail unless well illuminated.

Capability refers to the potential of a person to commit dishonest acts, and it is considered a controllable variable in security management. The degree of control needed over a person ' s capability depends on their level of honesty. In environments with higher risks of internal threats, security systems, supervision, and checks may be increased to mitigate the risks associated with those who have both opportunity and capability.

The correct answer is D. annually.

In the ASIS PSP Body of Knowledge, lighting is specifically included as an environmental factor that impacts physical security assessment and as a structural security countermeasure. PSP also covers inspection techniques, maintenance of systems and hardware, and ongoing evaluation throughout the security system life cycle.

Exterior security lighting must be evaluated after installation to confirm that the lighting levels, coverage, shadows, glare, blind spots, and protected areas meet the intended security objective. After the initial installation survey, the lighting system should be reviewed annually to ensure it still provides effective illumination and has not been affected by lamp deterioration, damaged fixtures, vegetation growth, changed site conditions, or maintenance issues.

Security lighting guidance also supports an annual security lighting survey, especially when lighting is part of the facility’s protective security program. APTA’s security lighting recommended practice states that a security lighting survey should be performed on an annual basis or when the built environment changes.

Weekly or monthly checks may be useful for routine maintenance, damaged lamps, or outages, but the formal lighting survey after installation is normally conducted annually.

Therefore, the best answer is D. annually.

A successful hybrid security operation integrates both proprietary and contract components effectively. For optimal performance, it should include:

An engaged corporate liaison (A) to ensure communication and alignment with internal needs,

Consistent contract management support (B) for service oversight and accountability,

Accurate quality measurements (C) to monitor effectiveness and performance.

Combining these elements ensures that both internal and contracted personnel function cohesively and according to the organization ' s goals.

Comprehensive Detailed Explanation:

A security system acceptance test verifies that the system has been installed according to the design and is operating properly. This includes ensuring cameras are correctly aimed, focused, and provide the intended coverage and image quality. This practical verification is critical for performance validation.

B and C may be part of training or specific functionality checks but are not core acceptance test items.

D refers to reliability testing, which is separate from initial acceptance.

Proprietary security services are those in which the security personnel are hired, trained, and managed directly by the organization they protect. They are part of the company’s staff and are not outsourced from external firms. Proprietary security typically ensures tighter integration with company culture and policies and offers better control over personnel and procedures.

Contract security services (Answer D) involve third-party firms providing personnel who are not employees of the protected organization.

Security enforcement (Answer B) is a general term, not a specific classification.

Pilferage (Answer C) refers to theft and is unrelated to service type.

Special-use alarms are tailored to monitor specific environmental or operational conditions. They include sensors and devices that detect temperature thresholds, toxic gas presence, machine vibrations, or over-speed conditions in mechanical systems. These alarms are critical in industrial and hazardous environments.

Risk transfer involves shifting the financial impact of a risk to a third party, such as through an insurance policy. By purchasing insurance, the organization transfers the monetary burden of certain events (e.g., theft, damage, liability) to the insurer.

A (Avoidance) means eliminating the risk entirely.

C (Reduction) involves lowering the likelihood or impact.

D (Spreading) divides the risk among multiple entities, not full transfer.

Strict liability applies when a manufacturer or service provider is held legally responsible for damages or injuries caused by a defective product or service, regardless of fault or intent. This type of liability is often associated with consumer protection laws, where the focus is on the danger posed to the user rather than negligence on the part of the provider.

Plaintiff (B) is the party bringing the suit.

Defendant (C) is the party being sued.

" None of the above " (D) is incorrect since " Strict liability " is the correct legal principle.

Performance testing typically involves precise measurement using calibrated instruments or devices to ensure systems meet specified performance criteria (e.g., camera resolution, sensor range, alarm response time).

A (Operational) testing checks usability.

C (Subsystem) testing targets individual components.

D (Post-maintenance) confirms system functionality after servicing.

The three keys to a successful contract or partnership in the context of security management are:

Accessibility: Open communication and availability between parties.

Meetings: Regular reviews and check-ins to ensure alignment.

Resource Management: Efficient allocation and use of both personnel and technical resources.

These three elements contribute to maintaining accountability, service quality, and responsiveness between the security provider and client.

Intrusion sensor performance is commonly evaluated using three key criteria: probability of detection, nuisance alarm rate, and vulnerability to defeat. Probability of detection measures how effectively the sensor identifies actual intrusions. Nuisance alarm rate refers to the frequency of false or unnecessary alarms, which can reduce trust in the system and lead to complacency among personnel. Vulnerability to defeat assesses how easily the sensor can be bypassed or compromised by an intruder. From a Human Resource and organizational management perspective, these factors are critical because they directly influence employee response, security awareness, and overall workplace safety. High false alarm rates may lead to reduced attentiveness among staff, while poor detection capability or high vulnerability can expose the organization to risks. Therefore, option D correctly represents the standard performance criteria.

Physical security refers to measures taken to protect personnel, equipment, and property from threats such as theft, vandalism, and natural disasters. This includes the use of locks, barriers, surveillance systems, access controls, and emergency response planning. It is a foundational element of organizational security strategy.

Insurance should be viewed as a complementary component of a security program, not a replacement. It provides financial recovery after a loss has occurred but does not prevent the loss itself. Security operations—including physical barriers, surveillance, policies, and personnel—serve as the primary defense against threats. Insurance mitigates the financial impact only after an incident.

Comprehensive Detailed Explanation:

Nuisance alarm rate is a measure of system reliability and is calculated by tracking the number of false or unwanted alarms over a specified time. This metric is crucial for tuning sensor performance and reducing unnecessary responses.

A, B, and C provide insights but are not standard methods of calculating nuisance alarm rate.

From a management perspective, organizing a security operation involves multiple interconnected activities:

Planning and goal setting (A) to define the scope and objectives.

Establishing controls (B) such as policies, standard operating procedures, and compliance mechanisms.

Hiring personnel (C) with appropriate qualifications and placing them in roles suited to their capabilities.

All these components work together to structure and guide the security effort effectively.

A security survey is a detailed, on-site examination of an organization’s premises, operations, procedures, and systems. Its purpose is to identify weaknesses, evaluate risks, and recommend countermeasures. It includes physical inspection, interviews, documentation reviews, and testing of current security controls.

This is distinct from a risk analysis (which is more data-focused) or a performance audit (which evaluates outcomes rather than vulnerabilities).

References from PSP: Physical Security Assessment – ASIS POA; PSP Certification Study Manual – Domain 1

Infrared beam sensors are typically used to detect movement across open areas and are line-of-sight devices. They are not well-suited for enclosed or small, solid objects like safes. They can be easily bypassed or may not be triggered when tampering with a safe that doesn’t break the beam.

A, B, and D are more effective around physical objects:

Capacitance can detect touch or presence.

Microwave can detect motion or disturbance.

Fiber optic cable can detect physical interaction or tampering.

In the design phase of a security project, key deliverables include detailed equipment lists, drawings, system specifications, and layout plans. These elements guide the eventual procurement and installation processes.

A, B, and C include elements from other project phases like planning (A), procurement (B), and feasibility (C).

Screening is the process of identifying the most suitable candidates for a job, factoring in both qualifications (skills and experience) and personal integrity. This may involve background checks, interviews, and reference verification to ensure candidates are reliable and trustworthy.

Vetting (C) is often used interchangeably but generally refers more narrowly to background checks.

Recruitment (B) is the broader process of attracting candidates.

Inspection (A) refers to a physical or procedural review, not personnel selection.

Electromechanical sensors, including magnetic reed switches and contact sensors, are the most common type used on doors and windows. They detect the opening or closing of an entry point and are widely deployed in intrusion detection systems.

A (Capacitance), C (Infrasonic), and D (Fiber optic) sensors are more specialized and not commonly used for standard door/window monitoring.

Vicarious liability arises when one party (often an employer or principal) is held legally responsible for the actions of another party (such as an employee or agent), particularly when the controlling party has authority over the actions being performed. This principle is central to agency law and is especially relevant in security services and corporate liability cases.

Compliance liability (A), Active liability (C), and Passive liability (D) are not formal legal terms in this context.

The description in the question refers to a " qualified " or " trained " individual in security or loss prevention, but none of the answer choices—Engaged liaison, Review personnel, Supportive person—specifically identify a person already knowledgeable in loss prevention and security. Therefore, “None of the above” is the correct choice as it best fits the context.

Engaged liaison (A) refers to someone facilitating coordination, not necessarily with security knowledge.

Review personnel (B) and Supportive person (C) are too generic and do not accurately define a trained security professional.

In the PSP methodology, the preliminary design phase includes both threat assessments and vulnerability analyses.

Threat assessment identifies potential adversaries, hazards, and scenarios that could negatively impact the facility or operations.

Vulnerability analysis examines weaknesses in systems, processes, and physical infrastructure that could be exploited by threats.

These analyses inform the design of security measures by determining risk exposure and guiding the selection of protective layers. While operating security reviews and security systems architecture focus on implementation and operational evaluation, the preliminary design phase is where risks are systematically identified and addressed in the system concept and specifications, consistent with ASIS PSP guidance.

If stairwells are used regularly for inter-floor travel and permitted by local code, the best practice is to maintain both life safety and security. This can be done by installing approved access control devices (e.g., card readers) and two-way communication systems (intercoms) to manage access while allowing emergency use.

A (Fail-secure locks) could pose a safety risk in emergencies.

B (Unlocked doors) may violate building security policies.

C (Selective unlocking) is inconsistent and may cause confusion during emergencies.

Integrity, in the context of information security, refers to ensuring data is accurate, consistent, and unaltered by unauthorized actions. Maintaining integrity prevents data manipulation or corruption, ensuring reliability for organizational decision-making.

Analysis (A) is the process of evaluating data.

Security (C) is a broader term encompassing integrity, confidentiality, and availability.

Availability (D) ensures access but does not guard against data tampering.

Comprehensive Detailed Explanation and References

Intrusion alarms are systems specifically designed to detect unauthorized entry into a protected area while the system is active. These alarms respond when a perimeter is breached, such as through windows, doors, or motion detection. When triggered, they signal unauthorized access.

Hold harmless clauses are contractual provisions that attempt to shift liability from one party to another—typically from the hiring organization to the contractor. However, under the principle of non-delegable duty, courts often do not honor these clauses when essential legal responsibilities (like ensuring public safety) are involved. This reinforces that certain legal obligations cannot be waived or outsourced.

Options A and B are not recognized legal phrases.

Site acceptance testing is the best choice because it verifies that the completed security system, once installed at the client’s location, meets the physical and functional requirements stated in the contract. This form of testing confirms that the system performs properly in the actual operating environment, where real conditions such as layout, user interaction, workflows, and site-specific risks can affect performance. In organizational and Human Resource related operations, this is important because employees, supervisors, and security personnel must rely on systems that function correctly in daily practice, not only in theory or in a factory setting. Factory testing may confirm equipment quality before delivery, but it does not fully prove contract compliance after installation. Therefore, site acceptance testing provides the most reliable demonstration to the client that all specified requirements have been met.

A clearly defined and executed procurement contract is critical to successful implementation of a physical security construction project. It outlines scope, deliverables, timelines, cost structures, and responsibilities, ensuring all parties operate with aligned expectations and accountability.

A (RFQ) is a pricing request, not a contract.

B (BIA) informs continuity planning, not project execution.

D (Cost analysis) is useful but not foundational for execution.

Continuity planning involves developing strategies and procedures to ensure that critical infrastructure, processes, and systems continue to function or are restored promptly after a disruption. It includes emergency response, crisis management, recovery, and resumption phases.

Contingent planning (A) is not a standard term.

Resource planning (C) focuses on allocation of resources, not continuity.

Resumption planning (D) is a subset of continuity planning.

The three most common categories of risk in organizational security are:

Personnel: Risks to human safety and behavior.

Property: Risks to physical and digital assets.

Liability: Legal exposure due to negligence or failure to act.

This classification helps align mitigation strategies and insurance planning.

A and D incorrectly list “hazards” as a category rather than a risk source.

B omits personnel, a critical category.

A limited area is a controlled zone within a facility where a higher level of security is required than in general access areas. These are typically used to protect sensitive operations or assets. Access is restricted to authorized individuals who require entry for specific operational duties.

Pass system area (B) refers to the access control method, not the area classification.

Multiple areas (C) and External area (D) are not specific security designations.

The correct answer is D. retinal pattern recognition.

In PSP physical security design, access control is part of integrated physical security systems and countermeasure implementation. ASIS describes the PSP credential as covering physical security assessments, integrated physical security systems, and implementation/evaluation of security measures.

Retinal pattern recognition is a biometric access control method. It verifies a person based on a unique physical characteristic rather than something the person carries or knows. Biometric authentication uses unique body characteristics such as retinas, fingerprints, facial structure, or other biological traits for security and authentication.

The other options provide lower security by comparison:

A. Proximity card — possession-based credential; it can be lost, stolen, shared, or cloned.

B. Computer-controlled keypad — knowledge-based credential; PINs can be observed, guessed, shared, or compromised.

C. Smart card — stronger than a basic proximity card, but still a possession-based credential unless combined with PIN or biometric verification.

D. Retinal pattern recognition — biometric; tied directly to the individual and therefore provides the highest level of security among the listed options.

Therefore, for a high-security area such as a data center, the best answer is D. retinal pattern recognition.

A significant issue in the operation of intrusion detection systems is the occurrence of false positives and false negatives. A false positive happens when the system signals an alarm even though no real intrusion has occurred, while a false negative happens when an actual intrusion is not detected. In organizational and Human Resource related security management, both problems are serious because they affect employee trust, response efficiency, and overall workplace safety. Frequent false alarms can cause staff to become less responsive or careless, while missed detections can expose personnel, assets, and sensitive information to harm. Effective training, proper maintenance, and accurate calibration are essential to reducing these issues. Therefore, option B is correct because false positives and false negatives are among the most important operational concerns in intrusion detection systems.

The first step in planning any new security initiative is to gain the support of upper management because organizational commitment is essential for success. In Human Resource and organizational management practices, leadership approval ensures that adequate resources, authority, and strategic alignment are available before any detailed planning begins. Without management support, efforts such as budgeting, conducting surveys, or selecting equipment may lack direction, funding, or long-term sustainability. Securing executive backing also helps in establishing policies, enforcing compliance, and promoting a culture of safety and accountability within the workplace. Once leadership support is obtained, the organization can proceed with risk assessments, budgeting, and implementation planning in a structured and effective manner.

Line supervision is a critical security feature used to monitor the integrity of wiring between sensors and the alarm processor. When multiple interior sensors are connected, supervision must exist between the processor and each individual detection sensor to ensure that any tampering, disconnection, or fault is immediately identified. This approach enhances reliability and accountability within the system. In Human Resource and organizational security management, reliable detection systems are essential for protecting employees, assets, and facilities. If supervision were only applied to groups or loops, a failure at one sensor might go unnoticed, creating a security gap. Individual supervision ensures precise fault identification and faster response, supporting effective incident management and maintaining workplace safety. Therefore, option B is correct because it ensures maximum system integrity and performance.

Smoldering burning is the final phase of a fire where visible flames are no longer present, but extreme heat persists. This occurs when the available fuel is nearly consumed, or oxygen is limited, creating a high-temperature environment without active flames. It poses a serious re-ignition risk.

Ignition stage (B) is the beginning of the fire.

Last stage (C) is too vague.

Incipient stage (D) refers to the early development before flames appear.

Fail-safe locks are designed to unlock automatically when power is removed. This ensures people can exit during emergencies such as fire alarms or power outages. It is a critical safety requirement in most building codes.

A may be true for integrated systems but doesn’t define fail-safe.

B describes fail-secure, which keeps the door locked during power failure.

D (Tamper resistance) relates to durability, not fail-safe function.

An Invitation to Bid (ITB) is typically used when the buyer has clearly defined requirements and a good understanding of the market offerings. It focuses on obtaining competitive pricing for known solutions and is suitable for well-specified projects where minimal deviation is expected.

B (Request for proposals) is used when buyer needs input on how to meet requirements.

C (Sole source) limits competition and is only used under specific conditions.

D (Request for quote) is generally used for lower-cost, commodity items.

The Chief Security Officer (CSO) is responsible for overseeing an organization’s entire security posture—including physical, personnel, and sometimes information security. A crucial part of this role is ensuring that communication channels are effective. The CSO must analyze these channels regularly to ensure that the information received is accurate, relevant, timely, concise, and actionable for security operations and decision-making.

CIO (A) focuses on IT systems.

Information Security Officer (B) handles cybersecurity but may not oversee overall physical security.

Chief Minister (C) is a governmental/political role, not organizational security.

The statement is incorrect. The correct definitions are:

Libel is written defamation—false and damaging statements published in writing or other fixed mediums.

Slander is oral defamation—spoken false statements meant to damage someone’s reputation.

So, libel is not oral; slander is.

When a bomb threat targets a specific floor, safety protocols typically mandate evacuation of the identified floor and the floors immediately above and below. This accounts for the potential blast radius and structural impact, ensuring personnel safety in adjacent vulnerable areas.

A is too vague.

C and D (all floors above or below) may be excessive unless threat specifics demand it.

Detention, particularly in the context of retail loss prevention, refers to the practice of holding a suspected shoplifter temporarily while investigating or waiting for law enforcement. This concept has evolved to provide legal protection for merchants when they act in good faith and with reasonable cause.

Release (A) and Confinement (B) do not fit the protective context.

None of the above (D) is incorrect because " Detention " is a valid and specific term used.

In video surveillance and lighting design, reflectance refers to how much light a surface reflects back to a camera. Surfaces with low reflectance absorb more light and appear darker, making visibility more challenging. Asphalt has the lowest reflectance among the listed options because it is a dark, dense material that absorbs most of the light rather than reflecting it. In contrast, snow-covered fields have very high reflectance, and sandy soil and brick surfaces reflect moderate amounts of light. From a Human Resource and workplace safety perspective, understanding surface reflectance is important when designing secure environments, as poor visibility can affect employee safety, monitoring effectiveness, and incident response. Proper lighting must compensate for low-reflectance surfaces like asphalt to ensure clear surveillance and maintain a safe and secure workplace.

The number of security personnel required is typically directly proportional to the size and complexity of a facility, not inversely. Larger facilities or those with more employees often require more security staff to ensure adequate coverage, surveillance, access control, and emergency response. Factors influencing personnel needs include square footage, asset value, location, threat level, and operational hours.

The statement in the question is incorrect, making the correct answer " False. "

Workstations can serve as basic servers in small networks. While they are typically used for individual tasks, they can be configured to act as servers for file sharing, printing, or hosting lightweight applications without needing specialized installation or infrastructure.

Minicomputers (B) are outdated mid-range systems.

Supercomputers (C) are specialized, high-cost systems for massive computations, not typical servers.

“None of the above” (D) is incorrect because workstations can indeed be used as servers.

Throughout the life of a project, the project manager spends the most time on control activities. This includes monitoring progress, managing changes, addressing issues, ensuring compliance with scope, cost, and schedule, and keeping stakeholders informed. Control is ongoing from initiation through closeout.

A (Documentation), B (Meetings), and C (Planning) are important but represent specific tasks or phases, not the most time-consuming activity overall.

Comprehensive Detailed Explanation:

A project is defined as a temporary endeavor undertaken to create a unique product, service, or result. In security, examples include designing and installing a new access control system or conducting a vulnerability assessment.

A (Scope of work) outlines what a project includes.

B (Work breakdown structure) is a tool used in managing a project.

D (System) refers to a set of components working together, not the temporary process to build it.

Security system maintenance specifications should ensure that updates and upgrades are formally included under a software maintenance agreement. This provides for continuous support, ensures compatibility with evolving platforms, and addresses security vulnerabilities.

A and C refer to warranty and product life, which may not include proactive updates.

B (Service level agreement) addresses performance metrics, not software specifically.

The owner’s formal acceptance of a security system—usually after site acceptance testing—is the point at which the warranty period typically begins. From this moment, the vendor or contractor is responsible for addressing defects or performance issues as stipulated in the contract.

B and C (Phase II references) are not standard project stages.

D (Site acceptance testing) occurs before acceptance and warranty activation.

A complete Physical Protection System (PPS) procurement package must include:

Contract terms and conditions

Instructions for bidders

Technical system specifications

Design drawings

This ensures that all vendors have a uniform understanding of the scope and requirements, leading to accurate and comparable proposals.

A, B, and D include valid elements, but only C includes all core components required at minimum.

Intangible assets are non-physical resources that carry value for an organization and require protection despite lacking a tangible form. Patents are a classic example because they represent proprietary technology or intellectual property, which can provide competitive advantage and legal protection.

Reputation and digital files may hold value, but in PSP asset valuation, patents are specifically recognized as legal intangible assets with quantifiable ownership rights.

Obsolete equipment is a tangible, depreciated asset and does not qualify as intangible.

Properly identifying and valuing intangible assets like patents ensures that security strategies address not only physical property but also intellectual and proprietary assets, aligning with PSP guidance on comprehensive asset protection.

While terrorism countermeasures can be part of a broader protective strategy, they are not a core element in every protective system. Effective protective systems are designed based on specific threats and assets and typically integrate:

Physical measures (barriers, lighting)

Procedural measures (policies, response plans)

Threat/asset/risk alignment (A)

Terrorism countermeasures are highly specialized and situational—they are not a universal element in all protective systems, particularly for facilities not at risk of terrorism.

Record safes are designed primarily to protect documents from fire, not theft. They often lack adequate burglary resistance features. Using record safes for storing valuables such as cash, jewelry, or sensitive items prone to theft is a major security vulnerability. This misapplication can lead to easy compromise during unauthorized access or burglary.

???? References:

ASIS International, Protection of Assets (POA), Chapter: Asset Protection and Safes

ASIS PSP Study Guide, Physical Security Devices

A deadbolt lock must have sufficient bolt projection, known as the throw, to resist forced entry techniques such as jamb spreading. The recommended minimum throw is 1 inch because it ensures that the bolt extends deeply into the door frame, increasing resistance against prying or forced separation of the door and frame. In organizational and Human Resource security management, proper physical security measures are essential for protecting employees, assets, and sensitive areas. Installing locks with inadequate throw length may create vulnerabilities that can be exploited easily. While shorter throws may offer basic locking, they do not provide the level of resistance required for secure environments. Therefore, selecting a deadbolt with at least a 1-inch throw supports stronger access control and contributes to overall workplace safety and risk reduction.

Scavenging refers to the process of retrieving residual data from system memory (such as RAM) or buffers. This data remains until it is overwritten or the system is powered off. Scavenging can be used by attackers to recover sensitive information such as passwords or encryption keys.

Random memory (A) is not a valid term.

Awaiting memory (C) and Search memory (D) are not industry terms.

The first step in protecting a company and its assets is to conduct a threat and vulnerability analysis because it identifies potential risks and weaknesses that could impact the organization. In Human Resource and organizational security management, understanding threats such as theft, insider risks, or external attacks, along with vulnerabilities like poor training, weak procedures, or lack of controls, is essential before implementing any protective measures. This analysis provides the foundation for developing effective security strategies, policies, and employee awareness programs. Without first identifying what needs protection and where weaknesses exist, other steps such as cost analysis or business impact analysis may be ineffective or misdirected. Therefore, option C is correct because it establishes the baseline for informed decision-making and effective asset protection planning.

An auxiliary alarm system uses a direct connection (usually via leased lines) to a public emergency service center, such as police, fire, or 911. This provides rapid response but limits control to only the responding agencies, unlike proprietary or central station systems.

Post orders are written instructions for security personnel detailing duties, responsibilities, and conduct at a specific post. These orders must clearly express the policies and expectations of the protected organization, ensuring alignment with security protocols and business objectives.

A (Reviewing shift log) is a task, not a policy directive.

C (Verbal instructions override written) contradicts best practice.

D (Policies of local authorities) may influence actions but do not replace enterprise policies in post orders.

Comprehensive Detailed Explanation:

A Business Impact Analysis (BIA) identifies and prioritizes critical business functions that are essential to the survival and continuity of operations. The results of the BIA help guide recovery strategies, resource allocation, and business continuity planning.

A (Budget) and B (Personnel allocation) are determined later, informed by the BIA.

C (Number of hot sites) is a strategic outcome but not the direct purpose of the BIA.

Staff authority occurs when individuals (such as a chief executive officer or department head) are given delegated authority by their superior but do not sit directly in the operational chain of command. They support line functions by providing recommendations, analysis, and specialized services. Unlike line authority, which involves direct supervision, staff authority enables influence through expertise or policy.

Financial authority (A) pertains to budget control.

Control authority (B) is not a formal organizational term.

Dominance authority (D) is not used in standard management structures.

Contingency planning traditionally focuses on:

Infrastructure (A)

People (B)

Processes (C)

While reputation is a concern in broader risk management and public relations, it is not considered a direct category of contingency planning programs, which deal more with operational continuity than brand management.

In physical security, the term " perimeter " refers to the outer boundary of a property or facility. This includes fences, walls, gates, and other barriers that mark the edge of the secured area. In contexts where yard space and warehousing are used (such as in industrial or urban logistics operations), the perimeter defines the boundary of company-owned property and is critical for physical access control.

“Fence” (A) and “Wall” (B) are types of perimeter barriers.

“Chain link” (D) is a material used in fences, not a boundary in itself.

Perimeter protection is addressed in Domain 2: Application, Design, and Integration of Physical Security Measures.

???? References:

ASIS International, Physical Security Principles (PSP) Study Guide – Domain 2

Protection of Assets (POA) Manual – Chapter: Perimeter Security

ASIS Glossary of Security Terms

Comprehensive Detailed Explanation:

Contingency planning in security and business continuity comprises four key components:

Emergency Response – immediate action to protect life and assets.

Crisis Management – command, communication, and decision-making during crises.

Business Recovery – restoring critical functions temporarily.

Business Resumption – restoring full, normal operations post-disruption.

Other options include irrelevant terms such as “pressure devices” or “under investigation,” which are not core to contingency planning.

An electric strike allows for remote electrical locking and unlocking while still permitting free mechanical egress from the protected (inside) side of the door. This is essential for life safety and code compliance, especially in commercial and public buildings.

A (Vertical pin) is a mechanical lock component, not an electric device.

B (Electromagnetic) locks typically require power to release and may not allow mechanical egress without integration.

D (Delayed egress) restricts exit temporarily, which may violate free egress rules depending on application.

Risk treatment strategies are determined by an organization’s top management because they have the authority to align risk decisions with overall business objectives, resources, and risk tolerance. In Human Resource and organizational management, senior leadership is responsible for setting policies, approving budgets, and establishing priorities that affect the entire enterprise. Risk treatment involves decisions such as accepting, reducing, transferring, or avoiding risks, which require a strategic perspective beyond individual departments. While security managers and operational managers provide valuable input and expertise, they do not have the final authority to determine organization-wide strategies. Similarly, insurance carriers only play a role in risk transfer, not decision-making. Therefore, option A is correct because top management ensures that risk treatment aligns with organizational goals, compliance requirements, and long-term sustainability.

Under the 51 percent rule, a plaintiff can recover damages only if they are 50% or less at fault. If they are 51% or more responsible, they are barred from any recovery. Thus, the correct condition is that their contribution to the negligence must be less than 51% (i.e., up to and including 50%).

Answers B, C, and D contain incorrect thresholds and wording.

Substantive law defines the legal relationship between individuals, including rights, duties, and legal obligations. It governs how people behave in society and outlines the legal consequences for certain actions.

Procedural law (A) refers to the methods and processes for enforcing substantive laws (e.g., court procedures).

Statutes suit (B) and Constructive law (D) are not standard legal classifications.

An “innocuous virus” is not a formally recognized type of computer virus. All viruses, by definition, are considered malicious because they replicate without authorization and potentially cause harm, whether immediate or latent.

Common types of viruses include:

Humorous (B): A virus designed to prank users without causing real harm (e.g., funny messages).

Hostile (C): Actively destructive or malicious.

Altering (D): Modifies system files or behaviors.

" Innocuous virus " (A) is a misnomer, making it the correct choice as " not " a virus type.

In risk assessment and security management, predictability refers to how likely it is that a person, group, or threat source will act in a certain way based on known patterns, intentions, or circumstances. This makes predictability mainly an indicator of behavior. In Human Resource and organizational risk contexts, behavior is an important factor because employee actions, workplace conduct, and responses to policies can often be anticipated from past patterns, attitudes, or warning signs. Understanding predictability helps organizations assess the likelihood of insider threats, misconduct, noncompliance, or other security-related actions. It is not primarily a measure of crisis deterrence, event history alone, or how effective countermeasures are. Instead, it focuses on the expected conduct of individuals or threat sources. Therefore, option A is the most accurate answer because predictability is fundamentally linked to behavior.

Transportation terminals—such as airport cargo areas, seaports, and train yards—have implemented access controls that limit entry to underground or restricted zones. These security measures help prevent unauthorized access and protect critical infrastructure and high-value cargo.

Maritime operations (A) refer to port activities but not specifically to underground security.

Security measures (B) is too general.

Resealing (D) is not relevant to underground access control.

When budgeting for replacement systems, planners must consider how quickly current technologies become outdated. Accelerating obsolescence—driven by rapid innovation and evolving threats—means that replacement cycles may need to occur sooner, and newer systems should be scalable and upgradeable.

A, B, and C are valid concerns but do not directly relate to future-proofing or replacement planning due to obsolescence.

Comprehensive Detailed Explanation:

To implement effective preventive maintenance, you must have access to the manufacturer ' s specifications for each component. These specifications provide details such as recommended maintenance intervals, acceptable tolerances, environmental operating conditions, and part replacement guidelines.

A (MTBF), B (Performance reports), and C (Failure rates) are useful for analysis, but the foundational document for preventive action is the manufacturer’s specification.

One of the key indicators of effective management is the ability to delegate responsibilities. Delegation allows managers to focus on strategic oversight rather than becoming bogged down in tasks that can be handled at lower levels. This empowers staff, improves efficiency, and enhances organizational agility.

Managers who fail to delegate often become bottlenecks, negatively impacting team performance.

In the organizational structure of a security function, the core activities typically include:

Managerial: Oversight, policy development, leadership.

Administrative: Recordkeeping, personnel management, compliance.

Preventive: Strategies and operations to deter incidents before they occur.

Investigative: Reactive efforts to determine the cause of incidents or breaches.

These functions vary depending on the organization and risk profile but represent the foundational elements of an effective security program.

Probability of detection refers to the likelihood that an intrusion or unauthorized action will be identified by the security system. It is a key performance metric used to evaluate the effectiveness of electronic security components such as sensors and alarms. A high probability of detection means a more reliable system.

A (System validation) is a phase where detection may be measured, but it’s not the definition.

B (Officer response) is unrelated to detection probability.

D (Response timing) is part of delay or intervention, not detection.

An Uninterruptible Power Supply (UPS) is the best solution to immediately mitigate the risk of power loss in a computer. It provides backup power instantly upon power failure, allowing safe shutdown or continued operation for a limited period.

A (Surge protector) protects against voltage spikes but doesn’t provide backup power.

C (Emergency generator) has a startup delay and is more suitable for large systems.

D (Batteries) are components of a UPS, not a standalone mitigation.

The classic “fire triangle” describes the three elements necessary for fire to occur:

Heat – to raise material to ignition temperature

Fuel – combustible material

Oxygen – typically from the air, to sustain combustion

Removing any one of these three elements will prevent or extinguish a fire.

Risk avoidance means eliminating a threat entirely by discontinuing the activity or removing the condition that creates the risk. For example, if transporting valuable goods through a high-risk area poses too much danger, a company might choose to stop shipments through that route altogether.

References from PSP: Risk Treatment Options – ASIS POA; PSP Study Guide – Security Strategy Planning

Line devices transmit signals from the sensor (or alarm initiating device) to a remote monitoring or control station. These can be hardwired or use wireless transmission lines. They form the backbone of alarm communication infrastructure.

This definition matches the U.S. Department of State and ASIS definitions of terrorism. It highlights the political and psychological components of terrorism, including the targeting of civilians and the intent to instill fear or send a political message.

Risk assessment is a foundational step within the risk management process—not an alternative to managing risk. Alternatives to optimize risk management include:

Risk avoidance: eliminating the activity causing the risk

Risk transfer: shifting the risk to another party (e.g., through insurance)

Risk spreading: distributing the risk to reduce overall impact

Risk assessment, in contrast, is the evaluation of threats and vulnerabilities and precedes these treatment decisions.

References from PSP: Risk Treatment Options – ASIS POA; PSP Study Guide – Risk Management and Analysis

Proprietary security officers are employed directly by the organization they protect, which often leads to:

Higher loyalty to the organization (B),

Stronger identification with company values,

Higher prestige and potential quality of personnel (A, D).

However, this close affiliation can reduce impartiality, especially in situations involving internal investigations or enforcement actions against coworkers or executives.

Comprehensive Detailed Explanation:

Pre-qualifying vendors ensures that only those with the necessary experience, resources, and qualifications are invited to bid on a project. This avoids wasted effort on unqualified proposals and increases the likelihood of successful project execution.

A (Code enforcement) and D (Spec compliance) happen during later review stages.

C (Financial stability) is one part of the evaluation but not the sole goal.

Proprietary (in-house) security often provides better control over personnel, consistency in training, greater loyalty, and better integration with the corporate culture. This can enhance overall performance and organizational prestige.

B, C, and D list some advantages but miss the full combination that best defines proprietary staffing benefits.

Preventive maintenance involves proactive actions taken to ensure systems continue to operate efficiently and to prevent failures before they occur. Updating system and application software is a clear example of preventive maintenance because it improves system performance, addresses vulnerabilities, and ensures compatibility with current operational requirements. In Human Resource and organizational management contexts, preventive maintenance supports uninterrupted operations, protects organizational assets, and ensures employee safety by reducing the likelihood of system failures. In contrast, investigating problems, restoring systems, and updating documentation are reactive or corrective maintenance activities that occur after an issue has already arisen. Preventive measures like regular updates, inspections, and testing help maintain reliability and reduce downtime. Therefore, option B is correct because it reflects a proactive approach to maintaining system effectiveness.

The three primary types of cost estimates used during the implementation of a physical protection system are:

Budgetary: Initial estimate for planning and approval.

Preliminary design: Estimate based on conceptual design.

Final design: Detailed cost based on approved construction documents and specifications.

This staged estimation approach helps refine costs as the design evolves.

Other options mention contingency or maintenance, which are important but not considered one of the three standard estimating stages.

Risk spreading refers to decentralizing operations or distributing assets so that if one site or operation is compromised, the entire organization isn’t paralyzed. For example, backing up data across multiple locations ensures that the loss of one system doesn ' t cause total data loss.

References from PSP: Risk Management Techniques – ASIS POA; PSP Certification Guide – Business Resilience Measures

A good risk management program incorporates multiple stages:

Identifying risks or vulnerabilities (e.g., threats to assets or processes)

Analyzing risks based on likelihood and potential impact (quantitative or qualitative assessment)

Evaluating and aligning existing or proposed security programs to determine adequacy and needed improvements

All three elements are part of a systematic approach to managing security and organizational risk effectively.

References from PSP: Risk Management Process – ASIS POA; PSP Study Manual – Security Program Development

Passive Infrared (PIR) sensors operate by detecting changes in infrared radiation (heat) levels in a given area. They do not emit any energy but instead sense the movement of heat signatures (typically from people) across a background that has a stable infrared profile. When a warm object moves in front of the sensor, it registers a change and triggers an alert.

B and C describe active sensors (e.g., microwave or ultrasonic).

D refers to analyzing reflected infrared, which is not how PIR sensors function.

The critical detection point in a Physical Protection System (PPS) occurs when the remaining distance or time an adversary must cover before reaching the target exceeds the security response time. This ensures that detection happens early enough for responders to act and intervene before the attacker reaches the asset.

B and C refer to detection and interruption probabilities, which are important metrics but not the defining threshold for the critical detection point.

D (Remaining delay time) factors into the protection layers but does not define the detection threshold.

Modern terrorism, unlike historical or localized violence, leverages advanced technologies and global networks. It necessitates comprehensive national strategies involving political decision-making, resource allocation, intelligence, law enforcement, and industry collaboration to combat the sophisticated threats posed.

Software piracy is the unauthorized copying, distribution, or use of copyrighted software. This includes reselling or giving away licensed programs without proper authorization from the copyright holder.

Identity theft (A) involves stealing personal information.

War driving (B) is about locating open Wi-Fi networks.

Unauthorized access to software (C) is related but not specific to copying and distribution.

The primary purpose of analyzing data collected during a risk analysis is to support informed decision-making regarding identified risks. In Human Resource and organizational management, data-driven decisions are essential for effectively prioritizing threats, allocating resources, and implementing appropriate security measures. By evaluating collected data, a Physical Security Professional can understand the likelihood and impact of risks, identify vulnerabilities, and determine the most suitable mitigation strategies. While options such as identifying peak activities, selecting technologies, or communicating with management may result from the analysis, they are secondary outcomes. The core objective remains to guide sound and informed decisions that enhance organizational safety and operational efficiency. Therefore, option A is correct because it reflects the fundamental purpose of risk analysis in supporting strategic and evidence-based decision-making.

Proximity badges use radio-frequency identification (RFID) technology, allowing them to be read without physical contact. When held near a reader, the embedded chip transmits its identifier wirelessly.

A: Embedded parallel wires are characteristic of older magnetic stripe cards.

C: Proximity cards contain ID numbers, not personal data.

D: Optical sensors apply to barcoded or Wiegand cards, not proximity cards.

System integration combines technology, procedures, and people—i.e., personnel—to create a cohesive and effective security solution. Personnel are essential for operating, monitoring, and responding to events within the system.

A (Safety) and D (Management) are broader organizational functions.

B (Equipment) is a part of the technology component, already implied.