
Domain 3 Exam.
A minimum of 70% is required to pass.
#1. Which of the following is the most difficult to discover keys among known-plaintext attacks, selective-plaintext attacks, and adaptive-selective-plaintext attacks?
〇:Known Plaintext Attacks
A known-plaintext attack is a situation in which a decryptor can obtain plaintext indiscriminately. A ciphertext-alone attack is a situation where a decryptor can acquire ciphertext indiscriminately. A known-plaintext attack acquires the plaintext but does not know what ciphertext it is paired with, meaning that decryption is attempted with only two random ciphertexts. In this situation, it is difficult to decrypt. Therefore, the correct answer is “known-plaintext attack.
×:Selective Plaintext Attack
A choice-plaintext attack is a situation in which the decryptor can freely choose the plaintext to acquire and obtain the ciphertext.
×:Adaptive Choice Plaintext Attack
An adaptive choice-plaintext attack is a situation in which the decryptor can freely choose which plaintext to acquire and acquire the ciphertext, and can repeat the acquisition again after seeing the result.
×:None of the above
It is rare for the answer to be “none of the above” when the choice is “most of the above.
#2. The CA is responsible for revoking the required certificates. Which of the following adequately describes CRLs and OCSPs?
〇:OCSP is a protocol developed specifically to check CRLs during the certificate validation process.
A Certificate Authority (CA) is responsible for creating certificates, maintaining and distributing them, and revoking them when necessary. Revocation is handled by the CA and the revoked certificate information is stored in a Certificate Revocation List (CRL). This is a list of all revoked certificates. This list is maintained and updated periodically. A certificate is revoked if the key owner’s private key has been compromised, if the CA has been compromised, or if the certificate is incorrect. If a certificate is revoked for any reason, the CRL is a mechanism for others to inform you of this information. The Online Certificate Status Protocol (OCSP) uses this CRL; when using CRLs, the user’s browser must examine the CRL value to the client to see if the accreditation has been revoked or the CA is constantly checking to make sure they have an updated CRL. If OCSP is implemented, it will do this automatically in the background. It performs real-time verification of the certificate and reports back to the user whether the certificate is valid, invalid, or unknown.
×:CRL was developed as a more efficient approach to OCSP.
CRLs are often incorrect because they are a cumbersome approach; OCSP is used to deal with this tediousness; OCSP does this work in the background when using CRLs; OCSP checks the CRL to see if the certificate has been revoked by Checks.
×:OCSP is a protocol for submitting revoked certificates to CRLs.
OCSP is incorrect because it does not submit revoked certificates to the CRL; the CA is responsible for certificate creation, distribution, and maintenance.
×:CRL provides real-time validation of certificates and reports to OCSP.
Incorrect because CRL does not provide real-time validation of certificates to OCSP.
#3. Which of the following is an incorrect benefit of virtualization?
〇:Operating system patching is easier.
This is an incorrect choice question. Virtualization does not simplify operating system patching. In fact, it complicates it by adding at least one additional operating system. Each operating system differs from the typical version configuration, adding to the complexity of patching. The server’s own operating system runs as a guest within the host environment. In addition to patching and maintaining the traditional server operating system, the virtualization software itself must be patched and maintained.
For this question, we do not require an understanding of all the technical systems of virtualization. What is required here is a selection of answers based on a process of elimination.
×:I can build a secure computing platform.
Building a secure computing platform may not be a feature of virtualization per se. However, can we build a secure environment? This is not a false choice because it cannot be ruled out.
×:It can provide fault and error containment.
Virtualization can be host independent. In terms of containment, it can be interpreted as being able to provide fault and error containment through independence from physical servers. Therefore, it cannot be denied and is therefore not an incorrect choice.
×:It can provide powerful debugging capabilities.
Virtualization can reproduce a unique environment, not just put up a clean virtual host. Therefore, it is undeniable and therefore out of the wrong choice.
#4. Which is the difference between public key cryptography and public key infrastructure?
〇:Public key infrastructure is a mechanism configuration for public key cryptographic distribution, and public key cryptography is another name for asymmetric encryption.
Public key cryptography is asymmetric cryptography. The terms are used interchangeably. Public key cryptography is a concept within the Public Key Infrastructure (PKI), which consists of various parts such as Certificate Authorities, Registration Authorities, certificates, keys, programs, and users. Public Key Infrastructure is used to identify and create users, distribute and maintain certificates, revoke and distribute certificates, maintain encryption keys, and for the purpose of encrypted communication and authentication.
×:Public key infrastructure uses symmetric algorithms and public key cryptography uses asymmetric algorithms.
This is incorrect because the public key infrastructure uses a hybrid system of symmetric and asymmetric key algorithms and methods. Public key cryptography is to use asymmetric algorithms. Therefore, asymmetric and public key cryptography are interchangeable, meaning they are the same. Examples of asymmetric algorithms are RSA, elliptic curve cryptography (ECC), Diffie-Hellman, and El Gamal.
×:Public key infrastructure is used to perform key exchange, while public key cryptography is used to create public/private key pairs.
This is incorrect because public key cryptography is the use of asymmetric algorithms used to create public/private key pairs, perform key exchange, and generate and verify digital signatures.
×:Public key infrastructure provides confidentiality and integrity, while public key cryptography provides authentication and non-repudiation.
Incorrect because the public key infrastructure itself does not provide authentication, non-repudiation, confidentiality, or integrity.
#5. Which of the following is NOT a role of the memory manager?
〇:Run an algorithm that identifies unused committed memory and informs the operating system that memory is available.
This answer describes the function of the garbage collector, not the memory manager. The garbage collector is a countermeasure against memory leaks. It is software that runs an algorithm to identify unused committed memory and tells the operating system to mark that memory as “available. Different types of garbage collectors work with different operating systems, programming languages, and algorithms.
In some cases, a four-choice question can be answered without knowing the exact answer; since there is only one correct answer in a four-choice question, the answers can be grouped together to reduce it to “since they are saying the same thing, it is not right that only one of them is correct, therefore they are both wrong.
There are two answers to the effect of controlling the process to handle memory appropriately, but if the memory manager does not have that functionality, both would be correct, and therefore can be eliminated from the choices in the first place.
×:If processes need to use the same shared memory segment, use complex controls to guarantee integrity and confidentiality.
If processes need to use the same shared memory segment, the memory manager uses complex controls to ensure integrity and confidentiality. This is important to protect memory and the data in it, since two or more processes can share access to the same segment with potentially different access rights. The memory manager also allows many users with different levels of access rights to interact with the same application running on a single memory segment.
×:Restrict processes to interact only with the memory segments allocated to them.
The memory manager is responsible for limiting the interaction of processes to only those memory segments allocated to them. This responsibility falls under the protection category and helps prevent processes from accessing segments to which they are not allowed. Another protection responsibility of the memory manager is to provide access control to memory segments.
×:Swap contents from RAM to hard drive as needed.
This is incorrect because swapping contents from RAM to hard drive as needed is the role of memory managers in the relocation category. When RAM and secondary storage are combined, they become virtual memory. The system uses the hard drive space to extend the RAM memory space. Another relocation responsibility is to provide pointers for applications when instructions and memory segments are moved to another location in main memory.
#6. Which of the following is a common association of the Clark-Wilson access model?
〇:Well-Formed Transaction
In the Clark-Wilson model, subjects cannot access objects without going through some type of application or program that controls how this access is done. The subject (usually the user) can access the required object based on access rules within the application software, defined as “Well-Formed Transaction,” in conjunction with the application.
×:Childwall model
This is incorrect because it is another name for the Brewer Nash model created to provide access control that can be dynamically modified according to the user’s previous behavior. It is shaped by access attempts and conflicts of interest and does not allow information to flow between subjects and objects. In this model, a subject can only write to an object if the subject cannot read another object in a different data set.
×:Access tuples
The Clark-Wilson model is incorrect because it uses access triples instead of access tuples. The access triple is the subject program object. This ensures that the subject can only access the object through the authorized program.
×:Write Up and Write Down
The Clark-Wilson model is incorrect because there is no Write Up and Write Down. These rules relate to the Bell-LaPadula and Biba models. The Bell-LaPadula model contains a simple security rule that has not been read and a star property rule that has not been written down. The Biba model contains an unread simple completeness axiom and an unwritten star completeness axiom.
#7. We are looking to move to a cloud-based solution to eliminate the increasing cost of maintaining our own server network environment. Which of the following is the correct definition and mapping of a typical cloud-based solution to choose?
〇:The cloud provider is provided a platform as a service that provides a computing platform that may include an operating system, database, and web servers.
Cloud computing is a term used to describe the aggregation of network and server technologies, each virtualized, to provide customers with a specific computing environment that matches their needs. This centralized control provides end users with self-service, broad access across multiple devices, resource pooling, rapid elasticity, and service monitoring capabilities.
There are different types of cloud computing products: IaaS provides virtualized servers in the cloud; PaaS allows applications to be developed individually; SaaS allows service providers to deploy services with no development required and with a choice of functionality; and IaaS allows customers to choose the type of service they want to use. ” The term “PaaS” must fit the definition of “PaaS” because it requires that “the original application configuration remains the same”. Thus, the correct answer is, “The cloud provider provides a computing platform that may include an operating system, database, and web server, where the platform as a service is provided.” The following is the correct answer
×:The cloud provider is provided with an infrastructure as a service that provides a computing platform that can include an operating system, database, and web servers.
IaaS Description.
×:The cloud provider is provided with software services that provide an infrastructure environment similar to that of a traditional data center.
This is a description of the operational benefits of cloud computing. It is not a definition.
×:The cloud provider provides software as a service in a computing platform environment where application functionality is internalized.
SaaS Description.
#8. Sally has performed software analysis against her company’s proprietary applications. She has found that it is possible to force an authentication step to take place before the attacker has successfully completed the authentication procedure. What could be the cause?
〇:Conflict condition
A race condition is present when a process performs a task on a shared resource and the sequence could be in the wrong order. 2 or more processes can have a race condition if they use a shared resource, like data in a variable. It is important that processes perform their functions in the correct sequence.
×:Backdoors
Backdoors are incorrect because they are “listening” services on certain ports. Backdoors are implemented by attackers to allow easy access to the system without authenticating as a normal system user.
×:Maintenance Hooks
Maintenance hooks are specific software codes that allow easy and unauthorized access to sensitive parts of a software product. Software programmers use maintenance hooks to allow them to get quick access to the code so that they can make fixes in immediate, but this is dangerous.
×:Data validation errors
Data validation errors are wrong because an attacker cannot operate on the process execution sequence.
#9. Which of the following events occurs in a PKI environment?
〇:CA signs certificates.
A Certificate Authority (CA) is a trusted agency (or server) that maintains digital certificates. When a certificate is requested, the Registration Authority (RA) verifies the identity of the individual and passes the certificate request to the CA The CA creates the certificate, signs it, and maintains the certificate over its lifetime.
×:RA creates the certificate and CA signs it.
Incorrect because the RA does not create the certificate; the CA creates it and signs it; the RA performs authentication and registration tasks; establishes the RA, verifies the identity of the individual requesting the certificate, initiates the authentication process to the CA on behalf of the end user, and performs certificate life cycle RAs cannot issue certificates, but can act as a broker between the user and the CA When a user needs a new certificate, they make a request to the RA and the RA goes to the CA to verify all necessary identification before granting the request The RA verifies all necessary identification information before granting the request.
×:RA signs certificates.
The RA signs the certificate, which is incorrect because the RA does not sign the certificate; the CA signs the certificate; the RA verifies the user’s identifying information and then sends the certificate request to the CA.
×:The user signs the certificate.
Incorrect because the user has not signed the certificate; in a PKI environment, the user’s certificate is created and signed by the CA. The CA is a trusted third party that generates the user certificate holding its public key.
#10. Which of the following physical environment designs combines sociology to reduce crime rates and fear of crime?
〇:Crime Prevention by Environmental Design (CPTED)
Crime Prevention by Environmental Design (CPTED) is a method by which crime can be reduced through proper design of the physical environment. It provides guidance on appropriate facility construction and environmental elements and crime prevention. It is used to guide the physical environment to behavioral effects that reduce crime.
×:Multi-layered defense model
The multi-layered defense model is incorrect because it is a hierarchical architecture of physical, logical, and administrative security controls. The concept is that if one layer fails, the asset is protected by other layers. Layers should be moved from the perimeter toward the asset and implemented.
×:Hiding by Ambiguity
Concealment by ambiguity is a technique of concealment secured by concealment of information and is incorrect. Basically, it is better not to consider something to be a true secret if it is logically reachable, even if it is not public.
×:Access Control
Access control is incorrect because it is guidance by the placement of doors, fences, lighting, and landscaping as people enter. It is an abstract concept and would not fit into a concrete definition that combines sociology.
#11. Which of the following is an axiom of access control to ensure that rewriting a supervisor’s document does not release incorrect information to the supervisor?
〇:* (star) Integrity Property
The Biba model defines a model with completeness as having two axioms. The * (star) Integrity Property is that the subordinate’s document is to be seen and there is no Read Down. The * (star) Integrity Property is that there is no Write Up, that is, no rewriting of the supervisor’s document. If the Simple Integrity Axiom is not followed, the subordinate’s document will be seen and may absorb unclassified and incorrect information at a lower level. If the * (star) Integrity Property is not followed, a supervisor’s document will be rewritten, which will release incorrect information to the supervisor who sees it. Therefore, both are integrity conditions.
×:Simple Integrity Property
The Simple Integrity Property is a constraint on Read Down.
×:Strong Tranquillity Axiom
The Strong Tranquillity Axiom is the constraint not to change permissions while the system is running.
×:Weak Tranquillity Axiom
Weak Tranquillity Axiom means do not change privileges until the attribute is inconsistent.
#12. Which of the following best describes the difference between a firewall embedded in a hypervisor and a virtual firewall operating in bridge mode?
〇:A virtual firewall in bridge mode allows the firewall to monitor individual traffic links, while a firewall integrated into the hypervisor can monitor all activity taking place within the host system.
Virtual firewalls can be bridge-mode products that monitor individual communication links between virtual machines. They can also be integrated within a hypervisor in a virtual environment. The hypervisor is the software component that manages the virtual machines and monitors the execution of guest system software. When a firewall is embedded within the hypervisor, it can monitor all activities that occur within the host system.
×:A virtual firewall in bridge mode allows the firewall to monitor individual network links, while a firewall integrated into the hypervisor can monitor all activities taking place within the guest system.
A virtual firewall in bridge mode is incorrect because the firewall can monitor individual traffic links between hosts and not network links. Hypervisor integration allows the firewall to monitor all activities taking place within the guest system rather than the host system.
×:A virtual firewall in bridge mode allows the firewall to monitor individual traffic links, while a firewall integrated into the hypervisor can monitor all activities taking place within the guest system.
A virtual firewall in bridge mode is wrong because the firewall can monitor individual traffic links, and the hypervisor integration allows the firewall to monitor all activity taking place within the host system, but not the guest system. The hypervisor is the software component that manages the virtual machines and monitors the execution of the guest system software. A firewall, when embedded within the hypervisor, can monitor all activities taking place within the system.
×:A virtual firewall in bridge mode allows the firewall to monitor individual guest systems, while a firewall integrated into the hypervisor can monitor all activities taking place within the network system.
A virtual firewall in bridge mode allows the firewall to monitor individual traffic between guest systems, and a hypervisor integrated allows the firewall to monitor all activity taking place within the host system, not the network system, so Wrong.
#13. Lacy’s manager assigned her to research intrusion detection systems for the new dispatching center. Lacey identifies the top five products and compares their ratings. Which of the following is the most used evaluation criteria framework today for this purpose?
〇:Common Criteria
Common Criteria was created in the early 1990s as a way to combine the strengths of both the Trustworthy Computer Systems Evaluation Criteria (TCSEC) and the Information Technology Security Evaluation Criteria (ITSEC) and eliminate their weaknesses. Common Criteria is more flexible than TCSEC and easier than ITSEC. Common Criteria is recognized worldwide and assists consumers by reducing the complexity of assessments and eliminating the need to understand the definitions and meanings of different assessments in different assessment schemes. This also helps manufacturers because they can now build a specific set of requirements when they want to market their products internationally, rather than having to meet several different evaluation criteria under different rules and requirements.
×:ITSEC
This is incorrect because it is not the most widely used information technology security evaluation standard. ITSEC was the first attempt to establish a single standard for evaluating the security attributes of computer systems and products in many European countries. In addition, ITSEC separates functionality and assurance in its evaluations, giving each a separate rating. It was developed to provide greater flexibility than TCSEC and addresses integrity, availability, and confidentiality in networked systems. The goal of ITSEC was to become the global standard for product evaluation, but it failed to achieve that goal and was replaced by Common Criteria.
×:Red Book
Wrong, as it is a U.S. government publication that addresses the topic of security evaluation of networks and network components. Formally titled Trusted Network Interpretation, it provides a framework for protecting different types of networks. Subjects accessing objects on the network must be controlled, monitored, and audited.
×:Orange Book
Incorrect as this is a U.S. Government publication that addresses government and military requirements and expectations for operating systems. The Orange Book is used to evaluate whether a product is suitable for the security characteristics and specific applications or functions required by the vendor. The Orange Book is used to review the functionality, effectiveness, and assurance of the product under evaluation, using classes designed to address typical patterns of security requirements. It provides a broad framework for building and evaluating trusted systems, with an emphasis on controlling which users have access to the system. We call it the Orange Book, but another name for it is Trusted Computer System Evaluation Criteria (TCSEC).
#14. It appears that this organization is abusing its authority. Which approach would clarify the what, how, where, who, when, and why of each ex officio?
〇:Zachman Framework
The Zachman Framework is an enterprise architecture that determines the what, how, where, who, when, and why for each mandate. Enterprise architecture is to create a management structure to achieve business goals. We create an organization to achieve business goals, and basically, the larger the business goals, the larger the organization. If the structure of the organization is not in place, the organization will not run efficiently, as there may be residual work that needs to be done, or there may be friction between jobs due to authority that is covered by others. Therefore, it is necessary to clarify the scope of each job authority in order to put the organization in order. The job authority here is different from the perspectives of human resources or sales. It is easier to think of them as hierarchically separated to achieve business goals. Clarify the scope in Executive, Business Management, Architecture, Engineers, Subcontractors, and Stakeholders, respectively. Therefore, the correct answer is the Zachman Framework.
×:SABSA
SABSA (Sherwood Applied Business Security Architecture) is a framework to ensure that security measures are working properly in achieving business goals. Unlike the Zachman Framework, the tasks to be organized are hierarchical elements. Business Requirements > Conceptual Architecture > Logical Service Architecture > Physical Infrastructure Architecture > Technology and Products, each with a 5W1H practice.
×:Five-W method
There is no such term. If there is, it is a term coined to make it easier to interpret.
×:Biba Model
The Biba model is a security model that indicates that data cannot be changed without permission.
#15. Elliptic curve cryptography is an asymmetric algorithm. What are its advantages over other asymmetric algorithms?
〇:Encryption and decryption are more efficient.
Elliptic curves are rich mathematical structures that have shown usefulness in many different types of applications. Elliptic curve cryptography (ECC) differs from other asymmetric algorithms because of its efficiency; ECC is efficient because it is computationally less expensive than other asymmetric algorithms. In most cases, the longer the key, the more bloated the computation to secure it, but ECC can provide the same level of protection with a shorter key size than RSA requires.
×:Provides digital signatures, secure key distribution, and encryption.
ECC is wrong because it is not the only asymmetric algorithm that provides digital signatures, secure key distribution, and encryption provided by other asymmetric algorithms such as RSA.
×:Calculated in finite discrete logarithms.
Wrong because Diffie-Hellman and El-Gamal compute with finite discrete logarithms.
×:Uses a large percentage of resources to perform the encryption.
Incorrect because ECC when compared to other asymmetric algorithms uses much less resources. Some devices, such as wireless devices and cell phones, have limited processing power, storage, power, and bandwidth. Resource utilization efficiency is very important for the encryption methods used in this type.
#16. Several steps must be taken before an effective physical security program can be rolled out. Which of the following steps comes first in the process of rolling out a security program?
〇:Conduct a risk analysis.
The first step in the procedure described, which is the first step to be taken only to deploy an effective physical security program, is to conduct a risk analysis to identify vulnerabilities and threats and to calculate the business impact of each threat. The team presents the results of the risk analysis to management to define an acceptable risk level for the physical security program. From there, the team evaluates and determines if the baseline is met by implementation. Once the team identifies its responses and implements the measures, performance is continually evaluated. These performances will be compared to the established baselines. If the baseline is maintained on an ongoing basis, the security program is successful because it does not exceed the company’s acceptable risk level.
×:Create a performance metric for the countermeasure.
The procedure to create a countermeasure performance metric is incorrect because it is not the first step in creating a physical security program. If monitored on a performance basis, it can be used to determine how beneficial and effective the program is. It allows management to make business decisions when investing in physical security protection for the organization. The goal is to improve the performance of the physical security program, leading to a cost-effective way to reduce the company’s risk. You should establish a performance baseline and then continually evaluate performance to ensure that the firm’s protection goals are being met. Examples of possible performance metrics include: number of successful attacks, number of successful attacks, and time taken for attacks.
×:Design program.
Designing the program is wrong because it should be done after the risk analysis. Once the level of risk is understood, then the design phase can be done to protect against the threats identified in the risk analysis. The design of deterrents, delays, detections, assessments, and responses will incorporate the necessary controls for each category of the program.
×:Implement countermeasures.
Wrong because implementing countermeasures is one of the last steps in the process of deploying a physical security program.
#17. Jeff would like to incorporate encryption technology into the new product. He is considering encryption methods available on the Internet. What advice should we give him?
Cryptographic algorithms refer to the calculations to be encrypted, and even if the cryptographic algorithms were publicly available, it would take an enormous amount of effort to decipher them. cryptographic algorithms that provide modern cryptography, such as AES, are publicly available. On the other hand, in-house development is not recommended because, although it has the security of concealment, it requires a great deal of resources to be allocated.
#18. You have been instructed to report to the Board of Directors with a vendor-neutral enterprise architecture framework that will help reduce fragmentation due to inconsistencies between IT and business processes. Which of the following frameworks should you propose?
〇:TOGAF
The Open Group Architecture Framework (TOGAF) is a vendor-independent platform for the development and implementation of enterprise architecture. It focuses on the effective management of enterprise data using metamodels and service-oriented architectures (SOA). Proficient implementations of TOGAF aim to reduce fragmentation caused by inconsistencies between traditional IT systems and actual business processes. It also coordinates new changes and functionality so that new changes can be easily integrated into the enterprise platform.
×:Department of Defense Architecture Framework (DoDAF)
In accordance with the guidelines for the organization of the enterprise architecture of the U.S. Department of Defense systems, this is incorrect. It is also suitable for large, complex integrated systems in the military, civilian, and public sectors.
×:Capability Maturity Model Integration (CMMI) during software development.
It is inappropriate because it is a framework for the purpose of designing and further improving software. CMMI provides a standard for software development processes that can measure the maturity of the development process.
×:ISO/IEC 42010
Incorrect because it consists of recommended practices to simplify the design and conception of software-intensive system architectures. This standard provides a kind of language (terminology) to describe the different components of software architecture and how to integrate it into the development life cycle.
#19. David is preparing the server room for the new branch office. He wants to know what locking mechanism should be used for the primary and secondary server room entry doors?
〇:Primary entry doors should have controlled access via swipe card or cryptographic locks. Secondary doors should not be secured from the inside and allowed entry.
Data centers, server rooms, and wiring closets should be located in the core areas of the facility, near wiring distribution centers. Strict access control mechanisms and procedures should be implemented for these areas. Access control mechanisms can lock smart card readers, biometric readers, or a combination of these. These restricted areas should have only one access door, but fire code requirements typically dictate that there must be at least two doors in most data centers and server rooms. Only one door should be used for daily entry and exit and the other door should be used only in case of an emergency, i.e., if a fire breaks out in a data center or server room, the door should be locked. This second door should not be an access door, meaning people should not be able to come through this door. It should be locked, but should have a panic bar that will release the lock if it is used as an exit, pushed from the inside.
×:The primary and secondary entry doors must have control access via swipe cards or cryptographic locks.
This is incorrect because even two entry doors should not be allowed to pass through with the identification, authentication, and authorization process. There should only be one entry point into the server room. No other door should provide an entry point, but can be used for an emergency exit. Therefore, secondary doors should be protected from the inside to prevent intrusion.
×:The primary entry door should have controlled access via a guard. Two doors should not be secured from the inside and allowed entry.
The main entry door to the server room is incorrect as it requires an identification, authentication, and authorization process to be performed. Swipe cards and cryptographic locks perform these functions. Server rooms should ideally not be directly accessible from public areas such as stairways, hallways, loading docks, elevators, and restrooms. This helps prevent foot traffic from casual passersby. Those who are by the door to the area to be secured should have a legitimate reason for being there, as opposed to those on the way to the meeting room, for example.
×:The main entry door must have controlled access via swipe card or crypto lock. Two doors must have security guards.
Two doors should not have security guards, because it is wrong. The door should be protected from the inside simply so it cannot be used as an entry. Two-door must function as an emergency exit.