CDCP Physical Security and Access 2

Question 1

What is 'tailgating' (or 'piggybacking') in the context of data center physical security, and how is it mitigated?

Accepted Answer

Tailgating is when an unauthorized person follows an authorized person through a secured door without presenting their own credentials; mitigated by mantraps, turnstiles, security awareness training, and access portal systems

Answer

Tailgating is an attack where a vehicle follows a data center delivery truck to gain access to a secure loading dock; mitigated by anti-vehicle barriers and guard verification

Answer

Tailgating is the practice of using another employee's access card while they are not present; mitigated by biometric authentication

Answer

Tailgating refers to unauthorized access to rooftop equipment by climbing the building exterior; mitigated by security cameras and motion sensors

Question 2

What is a 'mantrap' (security vestibule or airlock) and how does it enhance data center access control?

Accepted Answer

A mantrap is a small, interlocked entry chamber with two doors where the first door must close and authentication must occur before the second door opens, ensuring only one authorized person enters at a time

Answer

A mantrap is a motion-activated alarm zone around the perimeter fence that detects and traps intruders until security personnel arrive

Answer

A mantrap is a room in a data center where unauthorized visitors are held until security has verified their identity

Answer

A mantrap is a hidden access point used by facility managers to access the data center without triggering normal access log entries

Question 3

In data center security, what is the purpose of a 'visitor access log'?

Accepted Answer

To create a documented audit trail of every person who entered the facility, including their identity, escort, purpose, areas visited, entry/exit times, and equipment brought in or out

Answer

To register all delivery vehicles and packages received at the data center loading dock

Answer

To track employee overtime hours for payroll purposes by recording when staff enter and leave the facility

Answer

To maintain a list of vendors pre-approved for access during emergencies when normal personnel are unavailable

Question 4

What type of security camera technology is most appropriate for monitoring dimly lit data center corridors?

Accepted Answer

Infrared (IR) or low-light IP cameras with wide dynamic range (WDR) capable of imaging in near-darkness without visible illumination

Answer

Standard VGA analog cameras with high-intensity white light illumination that activates when motion is detected

Answer

Thermal imaging cameras that detect body heat and do not require any visible or infrared illumination

Answer

Day/night cameras that automatically switch to color during business hours and black-and-white at night

Question 5

What is the difference between 'two-factor authentication' (2FA) and 'dual-person access control' in data center security?

Accepted Answer

2FA requires one person to present two credentials (e.g., card + PIN); dual-person access requires two separate authorized individuals to both authenticate before a door opens

Answer

2FA and dual-person access are identical — both require two people to enter the data center simultaneously

Answer

2FA is used for logical (IT system) access; dual-person control is used only for physical access to server racks

Answer

2FA requires two cards from the same person; dual-person requires one card from two people with different job titles

Question 6

What is a 'security operations center' (SOC) in the context of a data center facility, and what are its primary functions?

Accepted Answer

A 24/7 staffed facility that monitors all physical security systems (CCTV, access control, alarms, environmental sensors) and coordinates response to security incidents

Answer

An isolated server room within the data center dedicated to running security software and intrusion detection systems

Answer

A compliance management office staffed by security auditors who perform quarterly SOC 2 readiness assessments

Answer

A physical room separate from the data center building where backup security systems are mirrored for redundancy