Protecting Physical Spaces & Access Controls | AP Cybersecurity

AP Cybersecurity Topics › Protecting Physical Spaces
Unit 2 • Topic 2.3 • Protecting Physical Spaces

Protecting Physical Spaces: Physical Access Controls Explained

Topic 2.3 covers how organizations protect physical spaces using a mix of managerial controls (policies and training) and physical controls (barriers and hardware). The goal is to keep unauthorized people away from devices and data.

Contents

  1. Managerial controls
  2. Physical controls
  3. Real-world example
  4. Key terms
  5. Match it up
  6. Check for Understanding
  7. FAQ
2control kinds: managerial + physical
Layeredbarriers, locks, readers
UPSkeeps power available
ManagerialPolicy and trainingPhysicalLocks, readers, vestibulesvs
Two kinds of control work together to protect a physical space.

Managerial controls

Managerial controls are policies and people. Organizations conduct employee training so staff recognize tailgating and social engineering, and set a workstation policy (for example, locking screens and not leaving devices unattended).

These controls reduce the human openings that physical attacks rely on, such as someone politely holding a secure door.

Scenario

A company trains staff to never let anyone tailgate, even when they seem friendly. Which control type is this?

Reveal answer

A managerial control. Training is a policy-and-people safeguard that closes the human gap tailgating exploits.

Exam tip

Managerial = policy and training. Physical = barriers and hardware. Questions ask you to pick the control that fits the threat.

Physical controls

Physical controls are barriers and hardware. Examples include fencing and gates, locks on doors and server cabinets, card readers that record who entered, access control vestibules and turnstiles that stop tailgating, disabling USB ports to block malicious devices, and an uninterruptible power supply (UPS) to keep systems running through outages.

Organizations prioritize these mitigations based on risk: the highest-risk assets get the strongest, most layered controls.

Scenario

To stop tailgating specifically, which physical control is most effective?

Reveal answer

An access control vestibule or turnstile, which only lets one authorized person through at a time, so a second person cannot slip in behind.

Real-world example

Vestibules at high-security sites

Data centers and banks use mantrap vestibules and turnstiles precisely because they stop tailgating, admitting one verified person at a time. The control is matched directly to the threat.

Match the control to the specific physical threat.

Key Terms

Managerial control Policy and training safeguards.
Access control vestibule A two-door space that admits one verified person at a time.
Card reader A control that admits and logs who entered.
UPS An uninterruptible power supply that protects availability.
Workstation policy Rules like locking screens and securing devices.

Match It Up

Tap a term, then tap its definition. Correct pairs lock in green.
Term
Definition
All matched. Nice work.

Common Mistakes

!

Treating training as optional

Employee training is a real managerial control that closes human gaps.

!

Forgetting USB ports

Disabling USB ports blocks malicious devices, a common physical attack vector.

!

Confusing a card reader with a lock

A card reader also records who entered, adding accountability a plain lock does not.

!

Ignoring power as availability

A UPS protects availability by keeping systems running during outages.

Check for Understanding

Predict your answer before you tap. Click a choice to check it and read why.
Question 1
Which control most directly prevents tailgating?
B. Vestibules and turnstiles let one authorized person through at a time, stopping tailgating.
Question 2 Predict first
Employee security training is which type of control?
B. Training is a managerial control, a policy-and-people safeguard.
Question 3
Which are physical controls? I. Locks. II. Card readers. III. Fencing.
D. Locks, card readers, and fencing are all physical controls.
Question 4 Predict first
Disabling USB ports primarily defends against:
A. Disabling USB ports blocks attackers from plugging in malicious hardware.
Question 5
An uninterruptible power supply (UPS) most directly protects which goal?
C. A UPS keeps systems running during outages, protecting availability.
Question 6
What advantage does a card reader have over a simple lock?
A. Card readers add accountability by logging who entered, which a plain lock cannot.

Frequently Asked Questions

With managerial controls (employee training, workstation policies) and physical controls (fencing, locks, card readers, vestibules, disabled USB ports, and a UPS).
An access control vestibule or turnstile, which only admits one authorized person at a time, prevents a second person from slipping in behind.
Disabling USB ports blocks attackers from plugging in malicious devices, a common way physical access turns into a system compromise.
← PreviousPhysical Attacks
Keep studying
All TopicsUnit 2 Study GuidePractice Questions

Get in Touch

Whether you're a student, parent, or teacher — I'd love to hear from you.

Just want free AP CS resources?

Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.

Typically responds within 24 hours

Message Sent!

Thanks for reaching out. I'll get back to you within 24 hours.

🏫 Welcome, fellow educator!

I offer curriculum resources, practice materials, and study guides designed for AP CS teachers. Let me know what you're looking for — whether it's classroom materials, a guest speaker, or Teachers Pay Teachers resources.

Email

[email protected]

📚

Courses

AP CSA, CSP, & Cybersecurity

Response Time

Within 24 hours

Prefer email? Reach me directly at [email protected]