ASIS-PSP ASIS Physical Security Professional (PSP) Exam Free Practice Exam Questions (2025 Updated)

An “innocuous virus” is not a formally recognized type of computer virus. All viruses, by definition, are considered malicious because they replicate without authorization and potentially cause harm, whether immediate or latent.

Common types of viruses include:

Humorous (B): A virus designed to prank users without causing real harm (e.g., funny messages).

Hostile (C): Actively destructive or malicious.

Altering (D): Modifies system files or behaviors.

"Innocuous virus" (A) is a misnomer, making it the correct choice as "not" a virus type.

Comprehensive Detailed Explanation:

Pyrolysis is the chemical decomposition of solid materials (often organic) caused by heat. It results in the release of flammable gases or vapors, which can mix with oxygen and ignite. Pyrolysis is a critical process in the early stages of a solid-fuel fire.

Liquidity (A) and Vaporization (B) refer to liquids turning into gas, not solid decomposition.

“None of the above” (D) is incorrect since “Pyrolysis” is the correct term.

An initial threat or hazard evaluation must include an assessment of how likely each threat is to occur. This probability, when combined with impact analysis, forms the foundation for risk assessments. Understanding likelihood allows prioritization of mitigation strategies.

A (Estimate costs) and C (Develop business case) are later steps.

D (Develop response plan) comes after risk characterization.

Hold harmless clauses are contractual provisions that attempt to shift liability from one party to another—typically from the hiring organization to the contractor. However, under the principle of non-delegable duty, courts often do not honor these clauses when essential legal responsibilities (like ensuring public safety) are involved. This reinforces that certain legal obligations cannot be waived or outsourced.

Options A and B are not recognized legal phrases.

Software piracy is the unauthorized copying, distribution, or use of copyrighted software. This includes reselling or giving away licensed programs without proper authorization from the copyright holder.

Identity theft (A) involves stealing personal information.

War driving (B) is about locating open Wi-Fi networks.

Unauthorized access to software (C) is related but not specific to copying and distribution.

Security consultants are often retained to provide strategic input on staffing needs, policy design, and technology integration. Their advice helps organizations make informed decisions regarding the deployment of personnel, the structure of policies, and the selection of physical and electronic security systems.

Private security refers to individuals or organizations that offer security-related services for compensation. This includes both self-employed individuals (such as independent security consultants or contractors) and funded business entities (such as security companies or firms) that provide services to private clients for a fee. These services may include guarding, patrolling, risk assessments, investigations, alarm monitoring, or other protective activities.

Patrol duty involves moving through assigned routes or areas to monitor activity, detect irregularities, and observe the general condition of the facility. Patrolling can be conducted on foot or by vehicle and is a fundamental component of proactive security operations.

Posts (B) are stationary assignments.

Reserves (C) are backup personnel.

"None of the above" (D) is incorrect because patrol duty is the accurate answer.

Comparative fault, also known as comparative negligence, is a legal principle where the plaintiff’s own actions are taken into account when determining liability and awarding damages. If a person contributed to their own injury—e.g., by entering a restricted area—their compensation may be reduced proportionally to their share of fault.

Control tactics (A) and Defensive control (C) relate to use-of-force procedures, not legal doctrines.

Comprehensive Detailed Explanation:

A Business Impact Analysis (BIA) identifies and prioritizes critical business functions that are essential to the survival and continuity of operations. The results of the BIA help guide recovery strategies, resource allocation, and business continuity planning.

A (Budget) and B (Personnel allocation) are determined later, informed by the BIA.

C (Number of hot sites) is a strategic outcome but not the direct purpose of the BIA.

To identify and classify risk effectively, a security practitioner must understand:

Assets: What needs protection.

Exposure: What threats or vulnerabilities exist.

Losses: What the impact would be if threats materialize.

This foundational analysis guides the prioritization and mitigation of risk.

B, C, and D mix relevant terms but do not define the core framework for risk identification.

Comprehensive Detailed Explanation:

Pandemics primarily impact human health and workforce availability rather than directly damaging physical infrastructure. The effects on infrastructure are typically secondary, such as reduced staffing at utilities or service providers, rather than structural destruction (as in natural disasters).

Infrastructure remains physically intact, but operations may be disrupted due to workforce shortages.

The Chief Security Officer (CSO) is responsible for overseeing an organization’s entire security posture—including physical, personnel, and sometimes information security. A crucial part of this role is ensuring that communication channels are effective. The CSO must analyze these channels regularly to ensure that the information received is accurate, relevant, timely, concise, and actionable for security operations and decision-making.

CIO (A) focuses on IT systems.

Information Security Officer (B) handles cybersecurity but may not oversee overall physical security.

Chief Minister (C) is a governmental/political role, not organizational security.

Organizational levels of terrorism are generally classified into:

Individual Terrorism (Lone-wolf actors)

Group Terrorism (Non-state groups like al-Qaeda, ISIS)

State Terrorism (When a state uses terror tactics on its own or others' populations)

Modern terrorism refers more to the contemporary methods, tools, and global nature of terrorism—not a level of organization. Hence, it's not considered an "organizational level."

The primary objective of a CCTV system is deterrence—by making individuals aware they are being monitored, it discourages unauthorized or criminal behavior. While recording for evidence and employee monitoring are benefits, they are secondary.

A (Reducing guard costs) may be a benefit but is not the main objective.

C (Evidence collection) supports post-incident action but doesn’t directly deter behavior.

D (Watching employees) is an application, not the core goal.

Security consultants are often retained to provide strategic input on staffing needs, policy design, and technology integration. Their advice helps organizations make informed decisions regarding the deployment of personnel, the structure of policies, and the selection of physical and electronic security systems.

Privacy invasion is a legal or ethical issue, not a type of insurance policy. Common types of insurance relevant to security include:

Fidelity Bonds: Cover losses due to employee dishonesty

Surety Bonds: Provide financial assurance that obligations will be fulfilled

3-D (Dishonesty, Disappearance, and Destruction) Policies: Provide broader coverage for internal and external crimes

Privacy-related issues may be addressed under cyber liability or data breach insurance but not as a standalone policy called “Privacy Invasion.”

Recruitment into jihadist or other terrorist movements typically involves identifying individuals vulnerable to radical ideology, indoctrinating them through propaganda and religious misinterpretation, and then training them for operational activities, including attacks or support roles.

Standoff distance refers to the space maintained between a potential explosive threat (such as a vehicle-borne improvised explosive device, or VBIED) and the target asset. Increasing standoff distance significantly reduces the impact of a blast by leveraging the inverse-square law, which governs blast pressure dissipation over distance.

A (Blast radius) is the area affected by an explosion.

B (Impact area) refers to where a blast or projectile strikes.

C (Clear zone) is used in security but does not specifically refer to bomb offset.