Weekly CISSP Practice Exam Questions

Week 33 - Question 2

What is NOT an example of a Physical Access Control?

A.  Biometric Systems
B.  Mantraps
C.  Role-Based Access Control (RBAC)
D.  Security Guards

Answer: C
Explanation:

A. Biometric Systems

Biometrics use unique physical characteristics (fingerprints, retina scans, facial recognition) to verify identity.

  • The Physical Aspect: While biometrics involve hardware and software, they are primarily used as a Physical Control to unlock doors, turnstiles, or server racks.

  • The Categorization: They can also be considered "Technical/Logical" when used to log into a laptop, but in the context of building access, they are a staple of physical security.

B. Mantraps (Access Portals)

A mantrap is a specialized physical structure consisting of two interlocking doors.

  • How it works: The first door must close and lock before the second door can be opened. This often requires a second form of authentication or a manual release by a guard.

  • The Goal: To prevent tailgating or piggybacking, where an unauthorized person follows an authorized person through a single door. It is one of the most effective physical preventive controls.

C. Role-Based Access Control (RBAC)

RBAC is a Logical/Technical Access Control mechanism.

  • Why it's the Answer: RBAC is implemented within an operating system or application to define what a user can do after they have gained access to the system. It maps users to "roles" (e.g., Accountant, Admin, Auditor) and assigns permissions to those roles.

  • The Distinction: Physical controls stop your body from entering a room; logical controls (like RBAC) stop your account from accessing a file or database.

D. Security Guards

Guards are a classic example of Physical Security.

  • The Versatility: Guards are unique because they can act as multiple control types:

    • Preventive: Stopping someone from entering.

    • Detective: Noticing suspicious behavior.

    • Deterrent: Discouraging potential intruders by their visible presence.

  • The Human Factor: Guards can make "judgement calls" that automated systems cannot, such as responding to a medical emergency or fire while maintaining security.
