ASIS ASIS-PSP - Physical Security Professional (PSP) Exam

Ethernet uses a method called Carrier Sense Multiple Access with Collision Detection (CSMA/CD). Before transmitting data, a device listens (senses) the network to ensure it is not currently in use. If the line is clear, it transmits. If another device transmits at the same time, a collision occurs, and both devices wait a random time before retrying.

File Transfer Protocol (A) governs file exchange, not network access control.

Buses (B) refer to physical data pathways, not protocols.

Contingency planning traditionally focuses on:

Infrastructure (A)

People (B)

Processes (C)

While reputation is a concern in broader risk management and public relations, it is not considered a direct category of contingency planning programs, which deal more with operational continuity than brand management.

Telnet is a network protocol that allows users to connect to remote computers and access their resources, typically via command-line interface, assuming they have proper credentials. While outdated for secure applications (due to lack of encryption), it was widely used for remote access to systems.

Cabinet (A) and Telecom (C) are unrelated.

“None of the above” (D) is incorrect because Telnet is the correct protocol.

The contingency fee in a bid package is typically set at 10% of the total project cost. This budgetary buffer accounts for unforeseen issues, changes, or risks that might arise during project execution. It is a standard practice in both construction and security system projects.

A (5%) may be insufficient.

C (15%) and D (20%) are considered excessive unless the project has high uncertainty.

In the context of risk management:

A hazard is a condition or factor that increases the likelihood or severity of a peril (a cause of loss).

For example, oily floors (hazard) increase the chance of slips and falls (peril).

A (possible occurrence) and B (probable occurrence) describe likelihood, not hazard.

C (difference between actual and expected losses) refers to variance, not hazard.

Assault is defined as the intentional act of creating a reasonable apprehension or fear of imminent harmful or offensive contact in another person. It does not require physical contact; the threat alone—if credible and intentional—is sufficient. This differentiates it from battery, which involves actual contact.

Stabbing (B) involves physical harm.

Battering (C) is a form of battery, which requires actual physical contact.

None of the above (D) is incorrect, as assault is the proper term.

The classic “fire triangle” describes the three elements necessary for fire to occur:

Heat – to raise material to ignition temperature

Fuel – combustible material

Oxygen – typically from the air, to sustain combustion

Removing any one of these three elements will prevent or extinguish a fire.

Staff authority occurs when individuals (such as a chief executive officer or department head) are given delegated authority by their superior but do not sit directly in the operational chain of command. They support line functions by providing recommendations, analysis, and specialized services. Unlike line authority, which involves direct supervision, staff authority enables influence through expertise or policy.

Financial authority (A) pertains to budget control.

Control authority (B) is not a formal organizational term.

Dominance authority (D) is not used in standard management structures.

A crime is defined as a voluntary and intentional violation of a law by someone who is legally competent. It involves breaking a legal duty meant to protect society. This can include actions that are prohibited or omissions where action was legally required.

Corruption (A) is a specific type of crime involving abuse of power.

Law-breaking (B) is a general, non-legal term.

Fault (C) is too broad and often used in civil contexts.

An initial threat or hazard evaluation must include an assessment of how likely each threat is to occur. This probability, when combined with impact analysis, forms the foundation for risk assessments. Understanding likelihood allows prioritization of mitigation strategies.

A (Estimate costs) and C (Develop business case) are later steps.

D (Develop response plan) comes after risk characterization.