Physical controls are security measures that prevent unauthorized physical access to critical assets, such as IT infrastructure, sensitive documents, or restricted areas.
(A) Preventing database administrators from initiating program changes:
This is a logical (IT) control rather than a physical control. Logical controls manage access permissions and prevent unauthorized software changes.
(B) Blocking technicians from getting into the network room (Correct Answer):
This is a physical control because it prevents unauthorized personnel from physically accessing critical IT infrastructure, such as servers and networking devices.
Unauthorized access to a network room could lead to data breaches, hardware manipulation, or cyberattacks.
(C) Restricting system programmers' access to database facilities:
This is an access control measure, which can be either logical (permissions, role-based access) or physical. However, it primarily refers to IT access controls rather than a physical security measure.
(D) Using encryption for data transmitted over the public internet:
This is a technical control, not a physical one. Encryption protects data but does not prevent physical breaches.
IIA GTAG 17: Auditing IT Security – Emphasizes the role of physical security in protecting IT infrastructure.
COBIT Framework – DSS05 (Manage Security Services) – Highlights physical access restrictions as a key security measure.
ISO/IEC 27001: Information Security Management System – Identifies physical security as a fundamental control for IT risk management.
Analysis of Each Option:IIA References:Conclusion:Since physical security controls prevent unauthorized physical access, option (B) is the correct answer.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit