Physical — ISO 27001 Practice Questions

Learning

Loading practice session...

Loading certificate…

Ready to learn

Sample questions — Physical

1. An organization installs a reinforced steel door with a cipher lock on its server room. Security guards verify employee badges before allowing entry and punching in the code. Which statement correctly distinguishes Control 7.1 from Control 7.2 in this scenario?

A.The badge verification and cipher lock both fall under Control 7.1 as they secure the physical perimeter
B.The reinforced steel door is within the scope of Control 7.1, while the badge verification process falls under Control 7.2✓ Correct
C.The cipher lock mechanism is a monitoring control that belongs to Control 7.4, not Control 7.1
D.Both measures are examples of Control 7.2 since they regulate physical entry points

Explanation

Control 7.1 addresses the physical barrier itself (the door, walls, fences), while Control 7.2 addresses the procedures and mechanisms for authorizing entry (badge checks, guards). The cipher lock is part of the barrier mechanism (7.1), whereas identity verification is an entry control (7.2).

2. A ground-floor data center features large transparent glass windows that are locked and alarmed. However, pedestrians outside can clearly view server racks and employee workstations displaying sensitive data. Which specific requirement of Control 7.1 is violated?

A.The windows are not properly alarmed as required for all external openings
B.The barrier fails to prevent visual access, allowing shoulder surfing of sensitive information✓ Correct
C.The standard mandates that ground-floor windows must be replaced with reinforced concrete
D.Employee workstations should be relocated to an area covered by Control 7.2 instead

Explanation

Control 7.1 requires that external openings (including windows) prevent unauthorized viewing of sensitive assets. Transparent windows allowing visual surveillance of screens and equipment violate the 'protection of external openings' pillar, regardless of whether they are locked and alarmed against physical entry.

3. Which scenario best exemplifies the 'defense in depth' principle as defined under Control 7.1?

A.Installing CCTV cameras at all building entrances and loading docks
B.Implementing a site perimeter fence, building exterior walls, and a separate server room enclosure✓ Correct
C.Requiring biometric authentication for all employees entering the facility
D.Deploying security guards at the main lobby and patrolling the parking garage

Explanation

Defense in depth under Control 7.1 involves establishing multiple concentric physical perimeters (site → building → sensitive area). CCTV (7.4), biometrics (7.2), and guards (7.2/7.4) are not physical barrier controls.

4. According to Control 7.1 implementation guidance, how should an organization determine the appropriate robustness of physical barriers such as fences and walls?

A.All barriers must meet maximum security standards regardless of the assets protected
B.Barriers should be commensurate with the risk and sensitivity of the assets within the perimeter✓ Correct
C.The standard mandates reinforced concrete walls for all areas containing information assets
D.Barrier selection should be based primarily on insurance premium reduction requirements

Explanation

Control 7.1 emphasizes that physical barriers must be proportional to the risk. A library housing public information requires different protection than a nuclear facility. The standard does not mandate specific construction materials for all scenarios.

5. During an audit of a server room, the assessor notes that while the walls are reinforced and the door is secured, the suspended ceiling tiles extend over the partition wall into adjacent public hallways. Which Control 7.1 vulnerability is present?

A.The ceiling tiles should be monitored by CCTV cameras under Control 7.4
B.The walls do not extend to the true ceiling, creating a bypass vulnerability through the plenum space✓ Correct
C.The server room should be relocated to an area without suspended ceilings
D.This is primarily an HVAC issue outside the scope of physical security perimeters

Explanation

Control 7.1 requires floor-to-ceiling barriers. Suspended (drop) ceilings that don't extend to the structural ceiling allow attackers to climb over walls via the plenum space. This is a classic 'passive entry point' often overlooked in perimeter security.

Practice all 162+ questions in this domain

Start free practice →

Frequently asked questions

How many ISO 27001 practice questions are there for Physical?↓

AnyCert has 162 ISO 27001 practice questions specifically for the Physical domain, each with a detailed AI-tutored explanation.

Is Physical heavily tested on the ISO 27001 exam?↓

Physical is one of the core domains in the ISO 27001 exam blueprint. Mastering this domain is essential for passing. AnyCert's practice questions cover the full scope of testable topics in this domain.

How should I study the Physical domain for ISO 27001?↓

Practice all 162 Physical questions in AnyCert, review every explanation for missed answers, and use the AI tutor to clarify any concept. Focus on understanding the reasoning behind each answer, not just memorizing the correct choice.

Sample questions — Physical

A.The badge verification and cipher lock both fall under Control 7.1 as they secure the physical perimeter
B.The reinforced steel door is within the scope of Control 7.1, while the badge verification process falls under Control 7.2✓ Correct
C.The cipher lock mechanism is a monitoring control that belongs to Control 7.4, not Control 7.1
D.Both measures are examples of Control 7.2 since they regulate physical entry points

Explanation

A.The windows are not properly alarmed as required for all external openings
B.The barrier fails to prevent visual access, allowing shoulder surfing of sensitive information✓ Correct
C.The standard mandates that ground-floor windows must be replaced with reinforced concrete
D.Employee workstations should be relocated to an area covered by Control 7.2 instead

Explanation

3. Which scenario best exemplifies the 'defense in depth' principle as defined under Control 7.1?

A.Installing CCTV cameras at all building entrances and loading docks
B.Implementing a site perimeter fence, building exterior walls, and a separate server room enclosure✓ Correct
C.Requiring biometric authentication for all employees entering the facility
D.Deploying security guards at the main lobby and patrolling the parking garage

Explanation

4. According to Control 7.1 implementation guidance, how should an organization determine the appropriate robustness of physical barriers such as fences and walls?

A.All barriers must meet maximum security standards regardless of the assets protected
B.Barriers should be commensurate with the risk and sensitivity of the assets within the perimeter✓ Correct
C.The standard mandates reinforced concrete walls for all areas containing information assets
D.Barrier selection should be based primarily on insurance premium reduction requirements

Explanation

A.The ceiling tiles should be monitored by CCTV cameras under Control 7.4
B.The walls do not extend to the true ceiling, creating a bypass vulnerability through the plenum space✓ Correct
C.The server room should be relocated to an area without suspended ceilings
D.This is primarily an HVAC issue outside the scope of physical security perimeters

Explanation

Practice all 162+ questions in this domain

Start free practice →

Frequently asked questions

How many ISO 27001 practice questions are there for Physical?↓

AnyCert has 162 ISO 27001 practice questions specifically for the Physical domain, each with a detailed AI-tutored explanation.

Is Physical heavily tested on the ISO 27001 exam?↓

How should I study the Physical domain for ISO 27001?↓