nerdexam
(ISC)2

CISSP · Question #1514

A security professional has reviewed a recent site assessment and has noted that a server room on the second floor of a building has Heating, Ventilation, and Air Conditioning (HVAC) intakes on the gr

The correct answer is D. Elevate the HVAC intake by constructing a plenum or external shaft over it and convert the server. This question tests physical security and environmental controls for data center/server room risk reduction, focusing on HVAC vulnerabilities and appropriate fire suppression systems.

Submitted by dimitri_ru· Mar 5, 2026Asset Security

Question

A security professional has reviewed a recent site assessment and has noted that a server room on the second floor of a building has Heating, Ventilation, and Air Conditioning (HVAC) intakes on the ground level that have ultraviolet light filters installed, Aero-K Fire suppression in the server room, and pre-action fire suppression on floors above the server room. Which of the following changes can the security professional recommend to reduce risk associated with these conditions?

Options

  • ARemove the ultraviolet light filters on the HVAC intake and replace the fire suppression system on
  • BAdd additional ultraviolet light filters to the HVAC intake supply and return ducts and change
  • CApply additional physical security around the HVAC intakes and update upper floor fire
  • DElevate the HVAC intake by constructing a plenum or external shaft over it and convert the server

How the community answered

(29 responses)
  • A
    17% (5)
  • B
    10% (3)
  • C
    7% (2)
  • D
    66% (19)

Why each option

This question tests physical security and environmental controls for data center/server room risk reduction, focusing on HVAC vulnerabilities and appropriate fire suppression systems.

ARemove the ultraviolet light filters on the HVAC intake and replace the fire suppression system on

Removing UV filters from HVAC intakes would increase risk by eliminating a biological/microbial filtration layer, and simply replacing the fire suppression without addressing the ground-level intake vulnerability leaves a significant physical attack vector unmitigated.

BAdd additional ultraviolet light filters to the HVAC intake supply and return ducts and change

Adding more UV filters to supply and return ducts does not address the fundamental vulnerability of a ground-level HVAC intake being physically accessible and susceptible to deliberate contamination or physical tampering, leaving the root risk unresolved.

CApply additional physical security around the HVAC intakes and update upper floor fire

Adding physical security around HVAC intakes provides only a deterrent or detection control but does not eliminate the risk of airborne contaminants, flooding, or other environmental threats that a relocated/elevated intake would prevent, making it a less comprehensive mitigation.

DElevate the HVAC intake by constructing a plenum or external shaft over it and convert the serverCorrect

Elevating the HVAC intake via a plenum or external shaft mitigates ground-level threats such as chemical or biological agent introduction, vandalism, and flooding by moving the intake to a less accessible height. Converting the server room fire suppression addresses a critical risk: Aero-K (a dry powder agent) can damage sensitive electronic equipment, and replacing it with a clean agent system (such as FM-200 or Halon alternative) protects both personnel and hardware while effectively suppressing fires without residue.

Concept tested: Physical security controls for HVAC and fire suppression systems

Source: https://www.nist.gov/publications/guidelines-physical-security-it

Topics

#physical security#HVAC security#fire suppression#risk mitigation

Community Discussion

No community discussion yet for this question.

Full CISSP Practice