Free and Premium ASIS ASIS-PSP Dumps Questions Answers

Integrity, in the context of information security, refers to ensuring data is accurate, consistent, and unaltered by unauthorized actions. Maintaining integrity prevents data manipulation or corruption, ensuring reliability for organizational decision-making.

Analysis (A) is the process of evaluating data.

Security (C) is a broader term encompassing integrity, confidentiality, and availability.

Availability (D) ensures access but does not guard against data tampering.

Preventive maintenance involves proactive actions taken to ensure systems continue to operate efficiently and to prevent failures before they occur. Updating system and application software is a clear example of preventive maintenance because it improves system performance, addresses vulnerabilities, and ensures compatibility with current operational requirements. In Human Resource and organizational management contexts, preventive maintenance supports uninterrupted operations, protects organizational assets, and ensures employee safety by reducing the likelihood of system failures. In contrast, investigating problems, restoring systems, and updating documentation are reactive or corrective maintenance activities that occur after an issue has already arisen. Preventive measures like regular updates, inspections, and testing help maintain reliability and reduce downtime. Therefore, option B is correct because it reflects a proactive approach to maintaining system effectiveness.

Legal action, civil lawsuits, and civil litigation all fall under categories of public records that provide documented histories of an individual ' s involvement in legal or financial disputes. These records can offer valuable insight into behavior patterns, financial stability, and legal integrity — all of which are critical in personnel vetting.

Such records are accessed (where lawful) during comprehensive background checks.

Executives are the most crucial stakeholders to engage because they have the authority, strategic perspective, and organizational influence needed to support an enterprise-wide asset protection strategy. In Human Resource and organizational management terms, senior leadership helps align protection efforts with business goals, approves budgets, sets priorities, and ensures cooperation across departments. Asset protection is not only a security issue; it involves people, policies, systems, operations, and culture throughout the entire organization. Executives are in the best position to balance these needs and drive unified implementation. While security, IT, and human resources each play important supporting roles, they usually focus on specific functional areas. Executive engagement ensures the strategy is supported at the highest level and integrated across the enterprise. Therefore, option B is the most accurate answer.

Alarm monitoring systems are categorized into central station systems, local systems, proprietary systems, and auxiliary systems. Each system involves different methods of signal transmission and monitoring, including third-party monitoring centers or direct links to authorities.

Risk assessment in the PSP framework is centered on understanding the interplay between assets, exposure, and losses.

Assets are the people, property, information, and operations that must be protected.

Exposure represents the vulnerability or likelihood that an asset will be affected by threats or hazards.

Losses are the potential consequences, whether financial, operational, reputational, or physical, if a threat materializes.

By systematically analyzing these three considerations, security professionals can prioritize risks, allocate resources effectively, and design appropriate mitigation strategies. Countermeasures are developed later as responses to identified exposures and potential losses, not as a primary input to risk classification. This aligns with ASIS guidance on structured risk assessment and enterprise security risk management.

The Pass-Exchange System enhances security by requiring that the employee exchanges one pass for another at a control point before entering a more secure or restricted area. This ensures that access is tightly monitored and controlled on a zone-by-zone basis.

The owner’s formal acceptance of a security system—usually after site acceptance testing—is the point at which the warranty period typically begins. From this moment, the vendor or contractor is responsible for addressing defects or performance issues as stipulated in the contract.

B and C (Phase II references) are not standard project stages.

D (Site acceptance testing) occurs before acceptance and warranty activation.

System integration combines technology, procedures, and people—i.e., personnel—to create a cohesive and effective security solution. Personnel are essential for operating, monitoring, and responding to events within the system.

A (Safety) and D (Management) are broader organizational functions.

B (Equipment) is a part of the technology component, already implied.

The statement is incorrect. The correct definitions are:

Libel is written defamation—false and damaging statements published in writing or other fixed mediums.

Slander is oral defamation—spoken false statements meant to damage someone’s reputation.

So, libel is not oral; slander is.

The correct answer is C. environmental and degradation factors.

In PSP physical security design, lighting is treated as a structural security countermeasure, and the ASIS PSP Body of Knowledge includes knowledge of lighting, electronic security systems, performance requirements, and security system design capacities.

A 4:1 light-to-dark ratio means the brightest area should not be more than four times brighter than the darkest area within the assessed scene. This provides relatively even illumination for guards and video assessment systems. In physical protection system guidance, the light-to-dark ratio directly affects the ability to assess a scene; very high ratios create dark blind spots, while a lower ratio such as 4:1 greatly reduces those blind spots.

The reason 4:1 is used as the preferred design goal is that lighting systems degrade over time due to environmental and maintenance-related factors such as lamp aging, dirt on fixtures, weather effects, dust, damaged lamps, vegetation growth, and surface reflectance changes. Guidance on security camera lighting states that lighting may be designed for a 4-to-1 ratio to allow for degradation over time, while a 6-to-1 ratio is still used as a practical maximum to avoid areas becoming too dark or too bright for assessment.

The other options are not the best answer:

A. High surface reflection may help contrast, but it is not the reason for selecting a 4:1 design goal.

B. High aspect ratio is not a security lighting design objective in this context.

D. Reflected glare reduction is important, but the 4:1 ratio is mainly selected to maintain usable illumination despite environmental and degradation factors.

Therefore, the correct answer is C. environmental and degradation factors.

An initial threat or hazard evaluation must include an assessment of how likely each threat is to occur. This probability, when combined with impact analysis, forms the foundation for risk assessments. Understanding likelihood allows prioritization of mitigation strategies.

A (Estimate costs) and C (Develop business case) are later steps.

D (Develop response plan) comes after risk characterization.

Microwave sensors are active volumetric sensors that transmit microwave signals and detect motion based on frequency changes. For optimal coverage and effectiveness, they are typically mounted near the ceiling of the protected area. This elevated placement allows the sensor to cover a wider detection zone and reduces interference from obstacles such as furniture or equipment. In workplace security and Human Resource safety management, proper sensor placement is essential to ensure reliable detection and minimize false alarms. Mounting sensors too low can limit their range and increase the likelihood of obstructions affecting performance. Positioning them at ceiling level enhances monitoring efficiency and supports a safer working environment by ensuring comprehensive coverage. Therefore, option D is correct because it provides the most effective installation position for microwave sensors.

Comprehensive Detailed Explanation:

A project is defined as a temporary endeavor undertaken to create a unique product, service, or result. In security, examples include designing and installing a new access control system or conducting a vulnerability assessment.

A (Scope of work) outlines what a project includes.

B (Work breakdown structure) is a tool used in managing a project.

D (System) refers to a set of components working together, not the temporary process to build it.

In low-light surveillance conditions, a lower F-stop allows more light to pass through the camera lens and reach the image sensor. The F-stop measures the size of the lens opening, and the lower the number, the wider the aperture. A wider aperture improves image brightness and helps the camera produce clearer footage in dim environments. In organizational safety and Human Resource related security planning, proper camera performance is important because poor visibility can affect incident review, employee protection, and overall workplace monitoring. A higher F-stop reduces the amount of light entering the camera, which is less effective in low-light areas. Glass lens quality and iris type may influence performance, but they do not directly increase light intake as much as a lower F-stop. Therefore, option C is the correct answer.

Top of Form

The correct answer is C. paracentric.

In PSP physical security knowledge, locks are treated as structural physical security countermeasures, and the PSP Body of Knowledge includes knowledge of locks under physical security measures and countermeasure selection.

A paracentric keyway is a lock keyway design intended to make picking more difficult by restricting the movement of picking tools inside the keyway. It uses complex warding/projections in the keyway so that manipulating the pins becomes harder. ScienceDirect describes paracentric keyways as designs that frustrate picking attempts by making manipulation of pin tumblers to the shear line more difficult.

The other choices are incorrect because spool, mushroom, and serrated are types of security pins used inside lock cylinders, not keyway designs.

Therefore, the correct answer is C. paracentric.

Probability of detection refers to the likelihood that an intrusion or unauthorized action will be identified by the security system. It is a key performance metric used to evaluate the effectiveness of electronic security components such as sensors and alarms. A high probability of detection means a more reliable system.

A (System validation) is a phase where detection may be measured, but it’s not the definition.

B (Officer response) is unrelated to detection probability.

D (Response timing) is part of delay or intervention, not detection.

Conspiracy in the context of theft or fraud refers to two or more individuals collaborating—often using confusion or chaos in the environment—to execute or conceal a theft. This is especially common in employee-customer collusion or multi-person theft scenarios.

Accountability (B) reduces confusion.

Invoicing (C) is a documentation process.

Proliferation (D) means rapid increase, not relevant here.

Class K fires involve cooking oils, grease, and fats typically found in commercial kitchens. These fires require specific extinguishers that saponify the oil, cooling and smothering the flames. Class K extinguishers often contain wet chemical agents.

Class C (A) involves energized electrical equipment.

Class D (B) involves combustible metals.

Class L (D) is not a recognized fire class.

A hybrid staffing model uses both proprietary and contract security personnel. In this scenario:

Proprietary staff can be assigned to sensitive and top-secret projects for tighter control, loyalty, and internal vetting.

Contract staff can manage less critical areas such as visitor parking, reducing cost.

This model is both secure and cost-effective, offering flexibility and risk-based deployment.

B (Contract) is cost-effective but lacks control for sensitive tasks.

C (Proprietary) is highly secure but more expensive.

D (Total systems) is not a staffing strategy.

In the context of risk management:

A hazard is a condition or factor that increases the likelihood or severity of a peril (a cause of loss).

For example, oily floors (hazard) increase the chance of slips and falls (peril).

A (possible occurrence) and B (probable occurrence) describe likelihood, not hazard.

C (difference between actual and expected losses) refers to variance, not hazard.

From a management perspective, organizing a security operation involves multiple interconnected activities:

Planning and goal setting (A) to define the scope and objectives.

Establishing controls (B) such as policies, standard operating procedures, and compliance mechanisms.

Hiring personnel (C) with appropriate qualifications and placing them in roles suited to their capabilities.

All these components work together to structure and guide the security effort effectively.

An “after action” review is a structured process following an incident, drill, or actual disaster, in which events are documented, timelines are reconstructed, and lessons learned are gathered. Its purpose is to identify what went well, what failed, and what can be improved in future responses.

Testing (A) refers to evaluating procedures before an event.

Quality assurance (B) focuses on performance and compliance but not necessarily post-event analysis.

" All of the above " (D) is incorrect because only after action includes all these specific elements.

Comprehensive Detailed Explanation:

During the planning phase of a physical protection system, key deliverables include:

Preliminary design: Conceptual plans showing system layout and strategy.

Drawings: Visual representations that help in communicating system intent and scope.

These work products set the foundation for detailed design and implementation.

A, B, and C include elements used later in the process (procurement, budgeting).

To qualify for a physical security project, prospects are typically required to submit a bidder’s questionnaire because it provides structured and standardized information about the company’s capabilities, experience, resources, and compliance with project requirements. In procurement and Human Resource management practices, this document helps organizations evaluate whether a bidder is technically and operationally capable of performing the work. It ensures fairness, consistency, and transparency in the selection process by allowing all bidders to be assessed against the same criteria. While customer references and executive biographies provide useful background information, they are not as comprehensive or standardized. An intent-to-bid letter only indicates interest, not qualification. Therefore, the bidder’s questionnaire is the most appropriate tool for determining eligibility and suitability for a security project, making option C the correct answer.

The primary purpose of analyzing data collected during a risk analysis is to support informed decision-making regarding identified risks. In Human Resource and organizational management, data-driven decisions are essential for effectively prioritizing threats, allocating resources, and implementing appropriate security measures. By evaluating collected data, a Physical Security Professional can understand the likelihood and impact of risks, identify vulnerabilities, and determine the most suitable mitigation strategies. While options such as identifying peak activities, selecting technologies, or communicating with management may result from the analysis, they are secondary outcomes. The core objective remains to guide sound and informed decisions that enhance organizational safety and operational efficiency. Therefore, option A is correct because it reflects the fundamental purpose of risk analysis in supporting strategic and evidence-based decision-making.

Annual Loss Expectancy (ALE) is calculated as:

ALE = Single Loss Expectancy (SLE) × Annual Rate of Occurrence (ARO),

which reflects the impact (SLE) and the frequency (ARO) of an event. This formula is a key component in risk assessment for determining expected financial loss.

A, B, and C are partially correct but not the accepted risk formula framework.

Comprehensive Detailed Explanation:

Identity theft is the act of obtaining and using someone else ' s personal or financial information—such as social security numbers, bank details, or credit card information—without permission, often for committing fraud or other criminal activities.

Identity fraud (A) refers to the actual fraudulent acts committed after the identity is stolen.

Identity dissemination (C) and Identity distortion (D) are not standard legal or cybersecurity terms.

A tort is a civil wrong for which a remedy may be obtained in the form of damages. It is based on the idea that individuals owe certain duties to others and can be held liable when they breach those duties, resulting in harm or injury.

Transitivity (A), Reassembly (C), and Procurement (D) are not related to civil legal liability.

Metal halide lamps emit a bright, white light with a bluish cast. This makes them ideal for applications requiring good color rendering and visibility, such as CCTV surveillance or high-intensity outdoor lighting.

A (Sodium vapor) emits yellow/orange light.

C (Mercury vapor) also has a bluish tint but less desirable color rendering.

D (Incandescent) gives off a warm, yellowish light.

Security consultants are often retained to provide strategic input on staffing needs, policy design, and technology integration. Their advice helps organizations make informed decisions regarding the deployment of personnel, the structure of policies, and the selection of physical and electronic security systems.

A security system’s power supply must be sized with headroom to accommodate additional devices, future expansion, and potential peak loads. ASIS PSP guidance recommends that the system load should not exceed 60% of the total power capacity.

Loading above this threshold can reduce system reliability, limit the ability to add new devices, and stress power components, potentially shortening equipment lifespan.

Maintaining a margin ensures that batteries and power supplies can support the system under normal and emergency conditions, including temporary peak loads.

This practice aligns with standard design principles for redundancy, scalability, and safe operation of integrated security systems.

Fail-safe locks are designed to unlock automatically when power is removed. This ensures people can exit during emergencies such as fire alarms or power outages. It is a critical safety requirement in most building codes.

A may be true for integrated systems but doesn’t define fail-safe.

B describes fail-secure, which keeps the door locked during power failure.

D (Tamper resistance) relates to durability, not fail-safe function.

Proximity badges use radio-frequency identification (RFID) technology, allowing them to be read without physical contact. When held near a reader, the embedded chip transmits its identifier wirelessly.

A: Embedded parallel wires are characteristic of older magnetic stripe cards.

C: Proximity cards contain ID numbers, not personal data.

D: Optical sensors apply to barcoded or Wiegand cards, not proximity cards.

Risk transfer refers to shifting the financial burden of potential losses from an organization to a third party, typically through insurance. By paying a premium, the company secures coverage that will compensate for specific losses, thereby reducing its own financial exposure.

References from PSP: ASIS POA – Risk Management and Insurance Strategies; PSP Study Manual – Financial Risk Treatment Options

A methodical examination in security management serves multiple purposes:

Identifying deviations from policies and procedures

Detecting vulnerabilities or loopholes

Improving operational effectiveness while maintaining or enhancing security

This approach is used in audits, inspections, and evaluations to enhance overall security posture without compromising performance.

References from PSP: ASIS POA – Security Audits and Evaluations; PSP Guide – Program Effectiveness and Risk Review

Risk management is the continuous and proactive process of identifying areas where a business may suffer losses, assessing the likelihood and potential impact of those losses, and implementing security countermeasures to minimize or eliminate them. This function ensures that organizational assets—people, property, and information—are protected against threats such as theft, sabotage, natural disasters, and operational failures.

References from PSP: ASIS POA – Risk Management; PSP Study Guide – Physical Security Assessment Domain

Capacitance proximity sensors detect changes in electrical capacitance, which can be influenced by environmental conditions. Changes in relative humidity can affect the dielectric properties of the air or materials nearby, potentially causing false alarms or degraded performance.

B (Temperature) and C (Air movement) typically affect other sensor types (e.g., infrared or ultrasonic).

D (End-of-line resistance) applies to alarm circuit supervision, not proximity sensing.

Intrusion sensor performance is commonly evaluated using three key criteria: probability of detection, nuisance alarm rate, and vulnerability to defeat. Probability of detection measures how effectively the sensor identifies actual intrusions. Nuisance alarm rate refers to the frequency of false or unnecessary alarms, which can reduce trust in the system and lead to complacency among personnel. Vulnerability to defeat assesses how easily the sensor can be bypassed or compromised by an intruder. From a Human Resource and organizational management perspective, these factors are critical because they directly influence employee response, security awareness, and overall workplace safety. High false alarm rates may lead to reduced attentiveness among staff, while poor detection capability or high vulnerability can expose the organization to risks. Therefore, option D correctly represents the standard performance criteria.

A security survey is a detailed, on-site examination of an organization’s premises, operations, procedures, and systems. Its purpose is to identify weaknesses, evaluate risks, and recommend countermeasures. It includes physical inspection, interviews, documentation reviews, and testing of current security controls.

This is distinct from a risk analysis (which is more data-focused) or a performance audit (which evaluates outcomes rather than vulnerabilities).

References from PSP: Physical Security Assessment – ASIS POA; PSP Certification Study Manual – Domain 1

Capability refers to the potential of a person to commit dishonest acts, and it is considered a controllable variable in security management. The degree of control needed over a person ' s capability depends on their level of honesty. In environments with higher risks of internal threats, security systems, supervision, and checks may be increased to mitigate the risks associated with those who have both opportunity and capability.

Insurance companies provide coverage based on actuarial calculations that allow them to remain profitable. The total amount of premiums collected across all policyholders must exceed the total claims paid. Therefore, the estimated value of all losses across a pool of insured clients is generally less than or balanced with the total premiums collected, ensuring profitability and sustainability for the insurer.

References from PSP: ASIS POA – Insurance Principles and Economics; PSP Manual – Underwriting and Risk Pooling Concepts

Metal halide lamps provide excellent color rendering that closely resembles natural daylight, making them ideal for enhancing image quality in CCTV systems. However, they are also more expensive to install and maintain compared to other types such as high-pressure sodium or mercury vapor.

A (Mercury vapor) and D (Low-pressure sodium) offer poor color rendering.

B (High-pressure sodium) is efficient but has a yellow hue that distorts colors.

Floodlights are wide-beam lighting devices used to extend horizontal illumination across large areas, particularly along perimeter barriers. Their design makes them effective in lighting long stretches of fencing or property lines to deter and detect intruders. Unlike spotlights or search lights, floodlights disperse light broadly and evenly, reducing shadows and blind spots.

" Search lights " produce narrow beams for focused scanning.

" Perimeter lighting " is a general concept, not a specific lighting unit.

" Fresnel lenses " are components used in optics and are not lighting units.

A change key is designed to operate a single specific lock within a keyed system and is typically assigned to an individual user for limited access. In key control systems, which are important in organizational and Human Resource security management, different key types are used to control access levels. A change key provides the lowest level of access, ensuring that employees can only enter authorized areas relevant to their roles. This supports accountability, reduces security risks, and helps enforce workplace policies. Options A and C describe functions of master or grand master keys, which open multiple locks. Option D refers to control or core keys used for lock maintenance. Proper use of change keys helps organizations maintain structured access control and protect assets, personnel, and sensitive areas effectively.

A non-delegable duty is a legal responsibility that cannot be entirely transferred to another party (such as an independent contractor) under agency law. While a company may hire third-party providers, the courts often hold that certain responsibilities—particularly those involving safety and legal compliance—remain with the hiring entity. This is particularly significant in the context of security services, where liability can still rest with the client company even if services are outsourced.

Delegable duty (B) is the opposite and not applicable in this context.

Non-Crime duty (C) is not a recognized legal term.

Best practices for data backup recommend redundancy and geographical separation to ensure recovery in various disaster scenarios. Ideally, four sets of backup files should be maintained:

One on-site for quick access and recovery,

Three off-site (including possibly in different physical locations or cloud storage) for protection against local disasters like fire or floods.

The correct answer is C. Performance test.

In PSP physical security system implementation, testing is used to verify whether security equipment and systems meet required performance requirements and success metrics. The ASIS PSP Body of Knowledge includes performance requirements, success metrics, commissioning, final acceptance testing, and life-cycle evaluation as part of physical security system design and implementation.

A performance test determines measurable operating parameters of the system or equipment. For intrusion detection sensors, these parameters can include probability of detection, false alarm rate, nuisance alarm rate, sensitivity, detection coverage, and other measurable performance characteristics. Sandia’s physical security testing guidance also identifies NAR/FAR — nuisance alarm rate/false alarm rate and probability of sensing as key sensor performance metrics collected from test results.

The other options are not the best answer:

A. Safety test focuses on whether testing or equipment creates unsafe conditions.

B. Evaluation test is broader and is used to validate overall PPS effectiveness, not mainly to determine specific parameters like nuisance alarm rate.

D. Post-maintenance test is conducted after maintenance to confirm the system still works properly.

Therefore, the correct answer is C. Performance test.

Impressioning is a covert method used to create a working key for a lock without disassembly. It involves inserting a blank key into the lock and turning or jiggling it to create small marks where pins contact the blank, which are then filed down to form the correct cuts.

B (Rapping) and C (Bumping) are techniques to bypass a lock, not to create a key.

D (Decoding) involves analyzing key cuts visually or electronically but not physically producing a key directly.

A deadbolt lock must have sufficient bolt projection, known as the throw, to resist forced entry techniques such as jamb spreading. The recommended minimum throw is 1 inch because it ensures that the bolt extends deeply into the door frame, increasing resistance against prying or forced separation of the door and frame. In organizational and Human Resource security management, proper physical security measures are essential for protecting employees, assets, and sensitive areas. Installing locks with inadequate throw length may create vulnerabilities that can be exploited easily. While shorter throws may offer basic locking, they do not provide the level of resistance required for secure environments. Therefore, selecting a deadbolt with at least a 1-inch throw supports stronger access control and contributes to overall workplace safety and risk reduction.

One of the primary drawbacks of using contract security services is the reduction in direct control over the personnel and operations. While contract services offer benefits such as simplified administration, quick staffing solutions, and access to specialized expertise, they limit the organization ' s ability to directly manage and discipline personnel or tailor services to company-specific policies and culture.

Administration (B), Staffing (C), and Expertise (D) are all advantages of contract services.

Control (A) is a typical advantage of proprietary systems, not contract models.

In risk assessment, the tangibility of an asset does not automatically determine whether it is more or less valuable than another asset. Both tangible assets, such as equipment and facilities, and intangible assets, such as reputation, information, and employee knowledge, can be critical to an organization. Human Resource management especially recognizes that intangible assets like workforce expertise, trust, and organizational culture can have major strategic value. Because of this, each asset must be evaluated based on its specific importance, exposure to risk, and potential impact on operations. Protection measures should then be matched to that value and level of risk. A physical item is not always more valuable than a nonphysical one, and mitigation strategies should not automatically be identical. Therefore, option D is the most accurate answer.

Substantive law defines the legal relationship between individuals, including rights, duties, and legal obligations. It governs how people behave in society and outlines the legal consequences for certain actions.

Procedural law (A) refers to the methods and processes for enforcing substantive laws (e.g., court procedures).

Statutes suit (B) and Constructive law (D) are not standard legal classifications.

A network security policy defines the scope of security measures within an organization’s network. It sets the rules for behavior, outlines acceptable use, identifies protected resources, defines responses to security breaches, and lays out disciplinary measures for violations.

Physical security (A) focuses on tangible access control.

Forensic investigations (C) deal with post-incident evidence gathering.

Spam filtering (D) is a specific technical control, not a policy framework.

Security consultants are often retained to provide strategic input on staffing needs, policy design, and technology integration. Their advice helps organizations make informed decisions regarding the deployment of personnel, the structure of policies, and the selection of physical and electronic security systems.

Ethernet was developed in the early 1970s by Robert Metcalfe and his team at Xerox Corporation’s Palo Alto Research Center (PARC). It became the foundational technology for local area networks (LANs) and remains widely used in networking today.

IBM (B) developed other networking technologies but not Ethernet.

Microsoft (C) is a software company and did not develop Ethernet.

An intentional tort occurs when a person deliberately engages in actions that are likely to cause harm or when the person knowingly performs an act that they can reasonably foresee will result in damage. Examples include assault, battery, false imprisonment, and trespassing.

Active resister (A) and Lack of control (B) are not legal terms related to tort liability.

" International tort " is a misspelling; the correct term is " intentional tort. "

Scavenging refers to the process of retrieving residual data from system memory (such as RAM) or buffers. This data remains until it is overwritten or the system is powered off. Scavenging can be used by attackers to recover sensitive information such as passwords or encryption keys.

Random memory (A) is not a valid term.

Awaiting memory (C) and Search memory (D) are not industry terms.

Business resumption refers to the long-term process (typically more than 60 days) of returning the organization to full, normal operations after a disruption. It follows the earlier stages of emergency response and business recovery and focuses on rebuilding systems and restoring service levels.

Business continuity (A) is a broader concept that includes all planning efforts.

Business recovery (B) focuses on short-term, interim operations.

Business healing (D) is not a formal term in continuity planning.

The correct answer is A. Humans.

In the ASIS PSP Body of Knowledge, asset identification is part of Domain One: Physical Security Assessment, where the security professional must identify assets to determine their value, criticality, and loss impact. The PSP Body of Knowledge specifically includes knowledge of the nature and types of assets, including tangible and intangible assets.

A tangible asset is an asset that has a physical form or physical presence. Humans/people are tangible because they physically exist and can be directly protected through physical security measures such as access control, emergency response, life safety systems, barriers, screening, and security staffing.

The other choices are not the best examples of tangible assets:

B. Information is generally treated as an intangible asset, although it may be stored on physical media.

C. Reputation is an intangible organizational asset.

D. Trademarks are intellectual property and are intangible assets.

ASIS also describes the PSP credential as related to protecting an organization’s assets, including people, property, and information, which supports the classification of people/humans as a core asset in physical security.

Therefore, the correct answer is A. Humans.

Business continuity involves two core stages:

Business Recovery – restoring critical business functions quickly after a disruption.

Business Resumption – full restoration of all business operations to normal levels over the long term.

This sequence ensures operational stability in the short term and complete restoration in the long term.

An intangible asset is a non-physical resource that holds value for an organization, typically contributing to competitive advantage or operational capability. Examples include intellectual property, such as patents, trademarks, copyrights, and proprietary knowledge.

Land, buildings, and natural resources are tangible assets, meaning they have a physical form that can be seen and touched.

Intangible assets are critical in risk assessment because they often require specialized protection strategies, including legal safeguards, access control, and confidentiality measures.

ASIS PSP guidance highlights the need to recognize both tangible and intangible assets when conducting asset valuation and risk assessments, ensuring security measures are appropriately tailored to protect all forms of organizational value.

A Business Impact Analysis is the correct process because it evaluates how disruptive events can affect critical operations, resources, and organizational continuity. While a risk assessment identifies threats, vulnerabilities, and likelihood, a Business Impact Analysis goes further by examining the operational consequences if a disruption actually occurs. In Human Resource and organizational management, this is important because security incidents can affect employee safety, staffing, communication, payroll, access control, and essential workplace functions. The analysis helps management prioritize critical services, allocate resources, and prepare recovery strategies to reduce downtime and organizational loss. The other options do not serve the same forward-looking planning purpose. Therefore, option D is correct because a Business Impact Analysis complements risk assessment by focusing on the real business and workforce impact of potentially disruptive events.

Backgrounding is the act of conducting a discreet investigation into an applicant’s past and current activities. This includes reviewing criminal records, employment history, education, and possibly financial or social behaviors to evaluate risk before hiring. It ' s a key aspect of the screening process for sensitive or high-trust positions.

Reporting and recording (B, D) involve documentation but not investigative vetting.

Supervisory (C) relates to management, not background checking.

The prediction of internal crime (e.g., theft, fraud) heavily relies on historical data to identify patterns, vulnerable departments, and recurring behaviors. This data-driven approach informs proactive security strategies.

A (Background checks) are preventive, not predictive.

B and C offer useful insights but are not the primary basis for trend analysis.

Conversion is a civil tort that occurs when one party wrongfully possesses or interferes with another’s personal property (chattel) to the extent that the owner ' s use or rights are seriously restricted or denied. It’s essentially a civil version of theft.

Restriction (A), Transfer (B), and Constraint (C) are not legally specific terms for this tort.

Comprehensive Detailed Explanation:

Nuisance alarm rate is a measure of system reliability and is calculated by tracking the number of false or unwanted alarms over a specified time. This metric is crucial for tuning sensor performance and reducing unnecessary responses.

A, B, and C provide insights but are not standard methods of calculating nuisance alarm rate.

Electromechanical sensors, including magnetic reed switches and contact sensors, are the most common type used on doors and windows. They detect the opening or closing of an entry point and are widely deployed in intrusion detection systems.

A (Capacitance), C (Infrasonic), and D (Fiber optic) sensors are more specialized and not commonly used for standard door/window monitoring.

The planning phase of a security system project results in key deliverables such as stakeholder identification, project requirements, timelines (meeting schedules), and budget forecasts (cost estimates). These form the foundation for design and implementation.

B, C, and D include inputs or analysis components, but they are not final outputs of the planning phase.

Comprehensive Detailed Explanation:

Pre-qualifying vendors ensures that only those with the necessary experience, resources, and qualifications are invited to bid on a project. This avoids wasted effort on unqualified proposals and increases the likelihood of successful project execution.

A (Code enforcement) and D (Spec compliance) happen during later review stages.

C (Financial stability) is one part of the evaluation but not the sole goal.

Integrity is a deeply ingrained sense of right and wrong that develops during an individual ' s formative years. It drives ethical behavior and respect for rules, even when no one is watching. In physical security and personnel management, individuals with high integrity are more likely to be trustworthy and less likely to engage in dishonest actions, even under pressure.

Credit reports not only reflect a person ' s financial condition (debts, credit utilization, bankruptcies), but also provide useful data such as past addresses and the names of previous employers. This auxiliary information is essential during background investigations and helps validate the accuracy of job applications.

Legal and compliance considerations apply; employers must follow fair credit reporting laws and obtain consent.

Under the 50/50 rule (also known as the " modified comparative negligence " rule), the plaintiff may recover damages only if they are 50% or less at fault. If the plaintiff ' s fault is more than 50%, they cannot recover any damages. Therefore, a person responsible for more than 50% of the negligence would be barred from recovery.

Strict liability applies when a manufacturer or service provider is held legally responsible for damages or injuries caused by a defective product or service, regardless of fault or intent. This type of liability is often associated with consumer protection laws, where the focus is on the danger posed to the user rather than negligence on the part of the provider.

Plaintiff (B) is the party bringing the suit.

Defendant (C) is the party being sued.

" None of the above " (D) is incorrect since " Strict liability " is the correct legal principle.

An operational audit is a continuous and comprehensive review of all facets of the security operation. It evaluates whether security procedures are functioning as intended and whether resources are being used efficiently. This process identifies inefficiencies, policy violations, or procedural weaknesses over time.

References from PSP: ASIS POA – Security Operations Review; PSP Study Manual – Domain 3: Operations and Program Evaluation

In selecting video surveillance cameras, the primary criterion is the ability to clearly identify objects or individuals within the monitored area, which is directly determined by the horizontal resolution.

Horizontal resolution represents the number of distinct points of information captured across the width of the scene and dictates the level of detail available for identification.

Pixel count or chip output alone does not guarantee usable image quality; it must be supported by optics and scene coverage.

Sensitivity affects performance in low-light conditions but is secondary when the main goal is resolution-based identification.

Focal length adjusts the field of view but does not replace the need for sufficient horizontal resolution to meet identification objectives.

ASIS PSP guidance stresses that camera selection should align with the operational purpose, ensuring captured video meets evidentiary and situational awareness requirements while optimizing system design and cost efficiency.

Risk transfer involves shifting the financial impact of a risk to a third party, such as through an insurance policy. By purchasing insurance, the organization transfers the monetary burden of certain events (e.g., theft, damage, liability) to the insurer.

A (Avoidance) means eliminating the risk entirely.

C (Reduction) involves lowering the likelihood or impact.

D (Spreading) divides the risk among multiple entities, not full transfer.

Comprehensive Detailed Explanation:

To implement effective preventive maintenance, you must have access to the manufacturer ' s specifications for each component. These specifications provide details such as recommended maintenance intervals, acceptable tolerances, environmental operating conditions, and part replacement guidelines.

A (MTBF), B (Performance reports), and C (Failure rates) are useful for analysis, but the foundational document for preventive action is the manufacturer’s specification.

In developing a maintenance plan, priority should be given to components whose failure would significantly affect the system’s performance or create a major security gap. This is a risk-based approach, ensuring that critical equipment is maintained for maximum system reliability and protection.

A and C are valid considerations but not as crucial as impact.

D addresses maintenance requirements but not prioritization.

Assault is defined as the intentional act of creating a reasonable apprehension or fear of imminent harmful or offensive contact in another person. It does not require physical contact; the threat alone—if credible and intentional—is sufficient. This differentiates it from battery, which involves actual contact.

Stabbing (B) involves physical harm.

Battering (C) is a form of battery, which requires actual physical contact.

None of the above (D) is incorrect, as assault is the proper term.

A Change Review Board (CRB) is typically composed of key stakeholders representing the major interests involved in a project—engineering, operations, security, IT, procurement, and other relevant departments. This cross-functional group ensures that proposed changes are reviewed, justified, and approved collaboratively.

A, C, and D list some roles, but they don’t fully represent the project’s key partners in a typical governance model.

Risk acceptance is the mitigation option that has no direct cost because the organization chooses to acknowledge the risk without taking additional action to reduce, transfer, or eliminate it. In Human Resource and organizational management, this approach is typically used when the cost of mitigation exceeds the potential impact of the risk or when the risk level is considered minimal. While there may still be indirect consequences if the risk materializes, no immediate financial investment is required to manage it. In contrast, risk avoidance may involve changing operations, risk limitation requires implementing controls and safeguards, and risk transference often includes costs such as insurance or outsourcing. Therefore, option B is correct because risk acceptance does not require upfront expenditure, making it the only option with no direct cost.

Case law is the result of judicial decisions and precedents established through court interpretations of existing laws, whether based on common law (historical precedents from English law) or statutory law (laws passed by legislatures). It forms part of the legal framework in many jurisdictions and evolves through court rulings.

Criminal law (A) defines offenses and penalties.

Constitution law (D) governs foundational legal principles.

Offended suit (B) is not a recognized legal term.

In communism, the overthrow of capitalism is based on class struggle between the proletariat and bourgeoisie. Radical Islam is not centered around class conflict but rather on religious ideology and perceived moral decay. While radical Islamists may oppose Western or Russian systems, it is not explicitly framed as a class-based struggle akin to Marxist theory.

Line devices transmit signals from the sensor (or alarm initiating device) to a remote monitoring or control station. These can be hardwired or use wireless transmission lines. They form the backbone of alarm communication infrastructure.

The total financial impact of a loss extends beyond the replacement cost of a stolen or damaged item. It includes:

Temporary replacement costs (e.g., rental equipment or substitute materials)

Downtime costs (e.g., loss of production or service disruption)

Discounted or future cash flow losses, such as delayed revenues or lost customers

These hidden or indirect costs can significantly increase the true loss value.

References from PSP: ASIS POA – Total Cost of Loss; PSP Manual – Loss Impact Assessment

When selecting countermeasures, the most important factor is the overall risk posed to the asset or operation. This includes both the likelihood of a threat and the potential impact. Cost, criticality, and probability are components of the risk equation but are not stand-alone decision criteria.

A (Cost) is important for feasibility but follows risk evaluation.

B (Probability) and C (Criticality) contribute to risk but don’t outweigh it individually.

Programmed supervision is a structured process that ensures supervisors or designated personnel systematically check critical functions or areas for compliance, performance, and accountability. It involves scheduled tasks or checkpoints and is a key mechanism in ongoing quality and security assurance.

References from PSP: ASIS POA – Security Management Controls; PSP Study Guide – Inspection and Supervision Systems

Private security functions are generally client-centered—focused on protecting the assets, people, and interests of a private entity or organization. In contrast, public law enforcement is tasked with serving the community at large, maintaining public order, and enforcing laws for societal benefit.

This fundamental difference in mission and orientation underpins many of the operational and strategic differences between the two sectors.

This statement reflects a well-recognized trend in modern security models. As public law enforcement agencies face increasing demands and limited resources, private sector security is expected to play a larger role in crime prevention, particularly in areas like property protection, corporate investigations, and access control. This shift allows public police to focus more on violent crime and emergency response.

Fidelity bonds specifically cover losses resulting from dishonest acts committed by employees, such as theft, fraud, or embezzlement. These are commonly used in financial institutions and other sectors where employees handle cash or sensitive assets.

After a risk assessment is completed, the first step for a project manager is to create a concept design. This outlines the proposed system and supports budget justification and strategic alignment with management’s objectives. Gaining senior management buy-in is essential before progressing to detailed design or procurement.

A (RFI) may follow concept approval.

C (Construction documents) are created much later.

D (Implementation planning) is dependent on approved design and funding.

An integrated approach to managing security risk includes both investment in proactive loss prevention techniques and the financial risk transfer method of insurance. Loss prevention helps reduce the probability and impact of incidents, while insurance ensures that if a loss does occur, the financial consequences can be absorbed or mitigated. Together, they form a balanced risk treatment strategy.

References from PSP: ASIS POA – Security and Risk Mitigation Strategies; PSP Study Guide – Operational and Strategic Measures

Wide Area Networks (WANs), like LANs, allow multiple devices to share communication lines. In WANs, technologies such as packet switching, virtual circuits, and multiplexing are used to let multiple users communicate over shared infrastructure. This is essential for scalability and efficiency across geographically dispersed locations.

Comprehensive Detailed Explanation:

Pyrolysis is the chemical decomposition of solid materials (often organic) caused by heat. It results in the release of flammable gases or vapors, which can mix with oxygen and ignite. Pyrolysis is a critical process in the early stages of a solid-fuel fire.

Liquidity (A) and Vaporization (B) refer to liquids turning into gas, not solid decomposition.

“None of the above” (D) is incorrect since “Pyrolysis” is the correct term.

Comprehensive Detailed Explanation:

Contingency planning in security and business continuity comprises four key components:

Emergency Response – immediate action to protect life and assets.

Crisis Management – command, communication, and decision-making during crises.

Business Recovery – restoring critical functions temporarily.

Business Resumption – restoring full, normal operations post-disruption.

Other options include irrelevant terms such as “pressure devices” or “under investigation,” which are not core to contingency planning.

In biometric systems:

False Acceptance Rate (FAR) represents unauthorized access.

False Rejection Rate (FRR) represents inconvenience to legitimate users.

From a security perspective, a low FAR is more critical because it ensures that unauthorized individuals are not granted access. A higher FRR can be tolerated in high-security environments, as it affects convenience rather than security.

A (low/low) is ideal but harder to achieve.

C and D (high FAR) compromise security.

Enterprise Security Risk Management (ESRM) considers a variety of operating environments that influence organizational risk, including geopolitical, economic, legal, and technological factors. The geopolitical environment—such as regional instability, regulatory changes, and political threats—plays a critical role in shaping security strategy and risk prioritization.

A (Legal), B (Digital), and C (Physical) are important, but they are all subsets of the broader geopolitical and global risk context within ESRM.

Comprehensive Detailed Explanation:

One of the key principles of good security reporting is objectivity, not subjectivity. Reports should be clear, concise, timely, and objective to ensure factual, actionable information. Subjectivity introduces bias and undermines the reliability of reports.

A (Clarity), B (Timeliness), and D (Conciseness) are all core principles of effective reporting.

Material Safety Data Sheets (MSDS), now referred to as Safety Data Sheets (SDS) under the Globally Harmonized System (GHS), provide detailed information about chemicals, including hazards, handling procedures, and emergency measures. OSHA regulations require employers to maintain these sheets for all hazardous substances in the workplace.

Asset Standard Act (A), Procurement Asset Safety Program (C), and Product Stability Program (D) are not applicable to this requirement.

Hold harmless clauses are contractual provisions that attempt to shift liability from one party to another—typically from the hiring organization to the contractor. However, under the principle of non-delegable duty, courts often do not honor these clauses when essential legal responsibilities (like ensuring public safety) are involved. This reinforces that certain legal obligations cannot be waived or outsourced.

Options A and B are not recognized legal phrases.

A virus is a type of malicious software that attaches itself to legitimate files and spreads when those files are executed.

A worm is a standalone malware program that replicates itself to spread to other computers without needing to attach to a host file.

A bug refers to an error or flaw in software, but in the context of this question (malicious instructions causing effects), it can contribute to vulnerabilities exploited by malware.

Since all these can involve sets of unwanted instructions leading to harmful effects, “All of the above” is the most accurate answer.

The correct answer is D. retinal pattern recognition.

In PSP physical security design, access control is part of integrated physical security systems and countermeasure implementation. ASIS describes the PSP credential as covering physical security assessments, integrated physical security systems, and implementation/evaluation of security measures.

Retinal pattern recognition is a biometric access control method. It verifies a person based on a unique physical characteristic rather than something the person carries or knows. Biometric authentication uses unique body characteristics such as retinas, fingerprints, facial structure, or other biological traits for security and authentication.

The other options provide lower security by comparison:

A. Proximity card — possession-based credential; it can be lost, stolen, shared, or cloned.

B. Computer-controlled keypad — knowledge-based credential; PINs can be observed, guessed, shared, or compromised.

C. Smart card — stronger than a basic proximity card, but still a possession-based credential unless combined with PIN or biometric verification.

D. Retinal pattern recognition — biometric; tied directly to the individual and therefore provides the highest level of security among the listed options.

Therefore, for a high-security area such as a data center, the best answer is D. retinal pattern recognition.

The most effective approach to risk management emphasizes proactive measures taken before a loss occurs. Implementing an efficient before-the-loss arrangement involves:

Identifying potential threats and vulnerabilities

Prioritizing assets and exposures

Designing protective measures and contingency plans

Allocating resources to minimize potential operational, financial, and safety impacts

Reactive measures, such as arranging after-the-loss recovery or focusing exclusively on loss-prevention techniques, do not comprehensively address risk and may leave organizations exposed. Calculated-risk theory provides a framework for decision-making but must be applied within a before-the-loss strategy to optimize mitigation and resource allocation.

This aligns with ASIS PSP guidance, which underscores the importance of anticipating risks and implementing protective measures in advance rather than relying primarily on post-loss actions.

The number of security personnel required is typically directly proportional to the size and complexity of a facility, not inversely. Larger facilities or those with more employees often require more security staff to ensure adequate coverage, surveillance, access control, and emergency response. Factors influencing personnel needs include square footage, asset value, location, threat level, and operational hours.

The statement in the question is incorrect, making the correct answer " False. "

The correct answer is Capacitance.

Capacitive sensors detect changes in the electromagnetic field around a metallic object. When a metal container enters this field, it alters the capacitance, triggering an alarm or alert.

Photoelectric sensors rely on light interruption or reflection and are typically used for perimeter detection.

Sonic and ultrasonic sensors measure sound waves to detect motion or proximity but are not designed to sense metallic objects via electromagnetic fields.

Capacitive sensing is widely used in security for protecting safes, metal cabinets, and secured storage containers because it provides reliable detection of tampering or unauthorized entry into a defined magnetic field, consistent with ASIS PSP guidance on electronic intrusion detection.

Effective security design must balance technological advances with operational realities, organizational priorities, and human behavior. This holistic approach ensures the system is usable, sustainable, and aligned with company goals.

A (Adversary diagrams) and B (Threats and likelihood) are analytical tools, not integration principles.

D omits the critical “human element,” which affects usability and compliance.

An electric strike allows for remote electrical locking and unlocking while still permitting free mechanical egress from the protected (inside) side of the door. This is essential for life safety and code compliance, especially in commercial and public buildings.

A (Vertical pin) is a mechanical lock component, not an electric device.

B (Electromagnetic) locks typically require power to release and may not allow mechanical egress without integration.

D (Delayed egress) restricts exit temporarily, which may violate free egress rules depending on application.

Comprehensive Detailed Explanation:

When assessing bombing risk, proximity to high-value or symbolic targets is a significant factor. Even if the facility itself isn’t a primary target, it may suffer collateral damage due to its location near another targeted building. This is a key aspect of blast risk assessments.

A and C (urban area, high occupancy) increase general risk but are not definitive on their own.

D (domestic/international tenants) may affect threat level but is less relevant than target adjacency.

A pre-bid conference allows all prospective bidders to gain a clear and consistent understanding of the project requirements, including walkthroughs of affected facilities. This helps ensure uniformity in bid proposals and reduces ambiguity or scope misinterpretation.

A (Engineering evaluation) is internal and technical.

C (Invitation for bid) is a document, not an event.

D (Procurement meeting) is not a standard pre-bid process phase.

When issuing weapons to security personnel, policies must clearly define the conditions under which the equipment may be used. This ensures legal compliance, accountability, and safety. Proper use-of-force guidelines are critical in managing liability and operational control.

A (Public perception) is important but secondary.

B and C may be relevant to personnel qualification but not to issuance policies themselves.

A significant issue in the operation of intrusion detection systems is the occurrence of false positives and false negatives. A false positive happens when the system signals an alarm even though no real intrusion has occurred, while a false negative happens when an actual intrusion is not detected. In organizational and Human Resource related security management, both problems are serious because they affect employee trust, response efficiency, and overall workplace safety. Frequent false alarms can cause staff to become less responsive or careless, while missed detections can expose personnel, assets, and sensitive information to harm. Effective training, proper maintenance, and accurate calibration are essential to reducing these issues. Therefore, option B is correct because false positives and false negatives are among the most important operational concerns in intrusion detection systems.