(LEA 3) INTRODUCTION TO INDUSTRIAL SECURITY CONCEPTS
Contributed by: Ninge
  • 1. A security manager must decide whether to subcontract guard services to meet sudden demand. Under RA 11917’s objectives on professional practice, which factor is most important to evaluate before subcontracting?
A) Speed of contract signing
B) Number of guards available this month
C) Lowest bid from contractors
D) Contractor reputation, licensing compliance, and personnel training records
  • 2. A private security agency violates RA 11917 by failing to register personnel properly. To evaluate risk exposure, which step best aligns with the law’s management intent?
A) Ignore it if no incident occurred
B) Conduct an audit of all personnel files and implement corrective registration and training actions
C) Fire the negligent staff immediately
D) Blame outsourced HR
  • 3. Given RA 11917’s emphasis on professional standards, which performance metric most accurately measures compliance across guard teams?
A) Percentage of personnel with up-to-date certifications, completed training hours, and records of disciplinary actions
B) Client satisfaction surveys only
C) Number of arrests made
D) Average daily patrols logged
  • 4. A security firm wants to redesign its SOPs to meet RA 11917. Which redesign approach best demonstrates compliance and continuous improvement?
A) Make SOPs only for supervisors
B) Copy SOPs from a competitor
C) Keep SOPs informal to allow flexibility
D) Use risk assessment results, stakeholder input, and mandatory provisions of RA 11917 to create measurable SOPs and training plans
  • 5. An operations director must allocate limited budget to training or equipment upgrades. Evaluating RA 11917’s focus on professional competency, which allocation is more defensible?
A) Delay both until next fiscal year
B) Hire more administrative staff
C) Upgrade CCTV only
D) Invest in prioritized training for key skills and minimum equipment upgrades ensuring competence and compliance
  • 6. A client requests a security strategy that contradicts RA 11917 professional responsibilities (e.g., encouraging guards to use excessive force). What should the agency do?
A) Implement but keep it undocumented
B) Refuse, explain legal/professional limits, propose compliant alternatives, and document the interaction
C) Ignore the request
D) Comply to keep the client
  • 7. To ensure RA 11917’s practice-of-profession standards, the board issues new implementing rules. As an operations manager, how would you operationalize them?
A) Announce them once to staff
B) Wait for enforcement visits
C) Only update senior management
D) Immediately integrate rules into SOPs, train staff, and create monitoring KPIs with audit schedules
  • 8. You detect recurring minor violations by night-shift guards. Applying RA 11917’s managerial intent, which is the best corrective action?
A) Terminate the night shift supervisor instantly
B) Ignore since violations are minor
C) Analyze root causes, update training, adjust schedules, and implement supervisory spot-checks to prevent recurrence
D) Transfer the guards to day shift
  • 9. A security agency’s internal audit reveals documentation gaps that could breach RA 11917 during inspections. What evaluation approach best reduces risk?
A) Prioritize corrective documentation practices, assign owners, and run weekly compliance reviews until stable
B) Do nothing until an inspection occurs
C) Assume auditors won’t notice
D) Hide gaps from inspectors
  • 10. A licensed security officer is accused of misconduct. Under RA 11917 principles, the agency’s best course is to:
A) Terminate immediately without investigation
B) Suspend pending a fair investigation, document findings, coordinate with the licensing authority if required, and follow due process
C) Defend the officer publicly without investigation
D) Ignore the complaint
  • 11. The agency faces reputational risk after a public incident. Which management action best aligns with RA 11917’s requirement for professionalism?
A) Fire personnel and keep it secret
B) Conduct transparent internal review, communicate corrective measures to stakeholders, and update training/policies
C) Blame the client
D) Deny involvement and stay silent
  • 12. When introducing biometric access for guards, which strategy best ensures alignment with RA 11917 on privacy and operational integrity?
A) Share biometrics openly with clients
B) Install without policies
C) Develop data protection procedures, obtain consent, limit access rights, and train personnel on privacy obligations
D) Use biometrics only for some staff inconsistently
  • 13. A junior manager proposes performance-based pay tied to arrest counts. Evaluating against RA 11917 standards, why might this be problematic?
A) It reduces costs
B) It increases arrests
C) It may incentivize improper conduct; instead, design balanced KPIs that reward lawful, professional behavior and client service
D) It’s standard practice everywhere
  • 14. A company wishes to expand to a new province. What RA 11917–aligned analysis must be performed first?
A) Hire local guards immediately
B) Copy existing contracts without change
C) Announce expansion on social media
D) Legal/regulatory compliance check, local licensing requirements, market risk assessment, and staffing plan aligned with professional standards
  • 15. Confronting systemic low morale tied to unrealistic workloads, which RA 11917–consistent management decision best addresses both compliance and wellbeing?
A) Ignore morale, focus on outputs
B) Redesign shift rosters, hire additional staff, provide welfare and training, and monitor service quality metrics
C) Require overtime indefinitely
D) Cut rest breaks to increase coverage
  • 16. A training program is proposed to meet RA 11917. To evaluate its effectiveness, which method is best?
A) Use a single multiple-choice test
B) Pre/post competency testing, practical assessments, field audits, and follow-up performance metrics tied to SOPs
C) Ask trainers if they liked it
D) Count attendance only
  • 17. A client asks the agency to withhold incident reports to avoid bad publicity. Under RA 11917, what should the agency do?
A) Refuse, explain legal obligations, report as required, and propose reputational management strategies that are lawful
B) Partially redact and send a false summary
C) Cooperate without question
D) Hide the incident forever
  • 18. Which decision best demonstrates organizational accountability required by RA 11917 after a compliance breach?
A) Public acknowledgement of breach, corrective plan, assigned responsibilities, and transparent progress reports to stakeholders and regulators
B) Firing CEO immediately without investigation
C) Ignoring the breach
D) Only disciplining frontline staff
  • 19. In designing hiring criteria to meet RA 11917, which candidate attribute should be weighted highest to ensure professional practice?
A) Willingness to work for low pay
B) Valid licensing/certification, background check clearance, competency in required skills, and evidence of integrity
C) Age alone
D) Physical strength only
  • 20. A field commander suggests reducing patrol frequency to save cost, despite increased local theft. Using RA 11917 framework, the manager should____.
A) Perform a risk assessment, quantify impact on safety/service, propose an optimized deployment that balances cost and risk mitigation
B) Replace patrols with fewer cameras only
C) Reduce patrols to save money
D) Ignore the commander
  • 21. Which measure best shows proactive compliance with RA 11917 before an external audit?
A) Waiting for audit feedback
B) Only updating documents on the audit day
C) Conducting an internal compliance audit using the law’s checklist, fixing issues, and preparing evidence of corrective actions
D) Hiding records likely to be queried
  • 22. For career development aligned with RA 11917 professionalism, which policy is most effective?
A) Promote relatives of managers
B) No career path, only daily tasks
C) Create a competency-based career ladder with mandatory training milestones, certifications, and mentorships tied to promotions
D) Promote only by seniority
  • 23. If a security agency finds falsified training records, which action both enforces RA 11917 and protects operations?
A) Immediately investigate, validate qualifications, discipline per policy, notify licensing board if needed, and remediate training gaps
B) Ignore to keep numbers clean
C) Terminate entire staff at once
D) Replace documentation without action
  • 24. In drafting emergency SOPs to align with RA 11917, what element is most critical to ensure both professionalism and accountability?
A) Clear roles/responsibilities, communication protocols, legal compliance steps, and training/testing schedules
B) A vague description of roles
C) Only evacuation routes
D) Only a list of emergency contacts without procedures
  • 25. A security firm considers outsourcing background checks. Which RA 11917–conscious control should be implemented?
A) Only verbal assurances from vendor
B) Full delegation without oversight
C) Vendor qualification, standard operating procedures, data protection clauses, and periodic verification audits
D) No contract needed
  • 26. The agency must decide on disciplinary benchmarks. Which policy best reflects RA 11917 principles?
A) Clear, consistent disciplinary procedures with due process and appeals, proportionate sanctions, and rehabilitation options
B) Punishments only for low-ranking personnel
C) Arbitrary punishments to deter misconduct
D) No discipline to avoid conflict
  • 27. Which organizational metric best indicates successful integration of RA 11917 into daily operations?
A) Percentage of staff current with licensing, passing rates on competency tests, and reduction in incident recurrence
B) Number of client complaints ignored
C) Total number of guards hired this year
D) Number of social media posts about compliance
  • 28. A manager must choose between two training vendors: one cheaper but unaccredited, one slightly costlier with accreditation and QA. RA 11917–aligned choice is_____.
A) Use in-house unstructured training only
B) Accredited vendor to ensure compliance and quality of professional competency
C) Choose randomly
D) Cheaper vendor to save funds
  • 29. To comply with RA 11917 data transparency, which reporting policy is best for incident data shared with clients?
A) Share raw staff notes
B) Never share any data
C) Standardized incident reports with factual details, timelines, and corrective actions while protecting privacy and legal rights
D) Only verbal summaries without records
  • 30. A new technological tool promises efficiency but conflicts with licensing requirements under RA 11917. What should management do?
A) Deploy immediately to gain advantage
B) Deploy selectively without oversight
C) Halt deployment until legal compliance review, risk assessment, and policy updates are completed
D) Ignore licensing and assume no consequences
  • 31. During customer confrontation, a guard must de-escalate and document. Which combined action best shows higher-order competency?
A) Call supervisor only after incident
B) Use force to end argument
C) Escort the customer off premises immediately without documentation
D) Apply verbal de-escalation, preserve evidence, capture witness statements, and file an objective incident report for investigative follow-up
  • 32. A complaint alleges discriminatory behavior by a guard. Evaluating training efficacy, what analysis identifies root causes?
A) Fire the guard immediately without assessment
B) Mark complaint as resolved without investigation
C) Blame the complainant
D) Analyze training records, situational transcripts, supervisor oversight, and cultural-competency gaps to redesign training modules
  • 33. A security trainer must design a scenario-based exercise for investigation skills. Which objective best demonstrates HOTS learning outcomes?
A) Simulate a complex theft, require teams to collect evidence lawfully, interview witnesses, chain evidence, analyze motive, and prepare prosecutable documentation
B) Only practice radio communication
C) Watch a video about investigations
D) Memorize the steps of filing a report
  • 34. A security officer finds suspicious behavior suggesting corporate espionage. Which investigative action best balances immediate safety and intelligence integrity?
A) Secure the area, discreetly observe, collect non-intrusive intelligence, escalate to authorized investigators, and preserve chain of custody for any evidence
B) Publicly accuse individuals
C) Confront aggressively and interrogate
D) Ignore unless theft occurs
  • 35. A customer claims property missing; CCTV is inconclusive. Which investigative method best uses HOTS skills?
A) Cross-check access logs, interview guards and staff, analyze patterns, seek physical evidence, and map possible timelines to reconstruct events
B) Blame CCTV system
C) Replace missing item immediately
D) Accept client’s claim without verification
  • 36. Training includes ethics and use-of-force. Which training assessment best shows a trainee has evaluated complex scenarios correctly?
A) True/false quiz
B) Multiple-choice only
C) A practical exercise presenting ambiguous threat levels where trainee articulates proportional response, legal justification, and post-incident reporting steps
D) Timed obstacle course
  • 37. A VIP requests privacy beyond normal protocol. Which action best balances customer relations skills with policy and legal constraints?
A) Handle privately without documentation
B) Grant all VIP requests regardless of policy
C) Evaluate request, seek management approval, document exceptions, and ensure legal and safety approvals are met before altering protocols
D) Refuse all VIP requests automatically
  • 38. A guard detects a potential insider leak. Which investigative strategy best aligns with corporate intelligence principles?
A) Initiate discreet intelligence collection, limit disclosure to need-to-know, correlate access histories, and coordinate with HR and legal before a covert operation or disciplinary action
B) Send a company-wide email accusing staff
C) Ignore the possibility
D) Accuse the suspected employee publicly
  • 39. Which protocol best demonstrates advanced customer-relations judgement in a crisis evacuation?
A) Lock doors and continue operations
B) Provide clear, calm instructions, designate staff to assist vulnerable customers, communicate updates, and ensure post-evacuation accountability and client communications
C) Evacuate without informing customers of exits
D) Evacuate only employees and leave customers
  • 40. A guard obtains eyewitness statements that conflict. Which investigative evaluation produces the most reliable reconstruction?
A) Cross-validate statements with physical evidence, timelines, and CCTV; assess witness credibility and corroborate with independent sources
B) Discard all statements as unreliable
C) Ignore contradictions and accept the first statement
D) Choose the statement that fits a manager’s preconception
  • 41. You're designing a training module on report writing. Which learning activity demonstrates creating-level skills?
A) Reading sample reports
B) Trainees must draft a full investigative report from a simulated incident, including chain-of-custody forms, legal considerations, and executive summary for stakeholders
C) Copying a template report
D) Watching sample report videos
  • 42. A guard must decide whether to detain a suspect until police arrive. Which criterion best reflects lawful and professional decision-making?
A) Evaluate probable cause, safety, legal authority, risk to the public, and document justification for detention consistent with law and organizational policy
B) Always detain suspects regardless of evidence
C) Never detain to avoid trouble
D) Detain only if manager is present
  • 43. For improving client trust, which intelligence practice should a security unit implement?
A) Share raw intelligence files externally
B) Implement a confidential incident feedback loop, transparent service-level reporting, and regular stakeholder briefings while protecting sensitive intelligence
C) Market and publicize internal investigations widely
D) Withhold all incident information
  • 44. A guard faces confrontation where de-escalation fails and a suspect flees. Which evaluative step best supports later investigation and accountability?
A) Immediately secure scene, interview witnesses, note pursuit details (times, directions), coordinate with police, and ensure bodycam/CCTV capture is preserved
B) Continue searching without reporting
C) Post chase details on social media
D) Ignore documenting the chase
  • 45. A company wants metrics for customer service by guards. Which combined KPI set best demonstrates HOTS alignment?
A) Number of calls to security center
B) Number of compliments only
C) Response time, resolution effectiveness, lawful conduct incidents, follow-up documentation quality, and client satisfaction surveys analyzed for training gaps
D) Number of guard selfies with clients
  • 46. When investigating industrial sabotage, which multi-disciplinary approach most effectively uses corporate intelligence principles?
A) Focus only on physical security
B) Integrate physical forensics, digital forensics, personnel access records, vendor contract review, and external threat intelligence to determine motive and actors
C) Blame external competitors without proof
D) Fire a random employee to deter sabotage
  • 47. A trainee shows bias in interactions. For competency development, which learning intervention best addresses the issue?
A) Facilitate scenario-based bias-awareness training, role-play customer-relations simulations, and evaluate behavior changes through supervision and feedback
B) Ignore since performance is otherwise good
C) Give a written warning only
D) Immediately terminate the trainee
  • 48. A security team must create an intelligence brief for management. Which structure best reflects analyzing-level skills?
A) Use raw messages with no analysis
B) Long narrative without conclusions
C) Bullet list of rumors
D) Executive summary, threat assessment with evidence, impact analysis, recommended mitigations, and prioritized action plan with resource estimates
  • 49. An officer must preserve digital evidence from a smartphone found at a crime scene. Which sequence best ensures forensic integrity?
A) Isolate device (airplane mode), document chain-of-custody, avoid powering on/off unnecessarily, and coordinate with digital forensics specialists for imaging
B) Post images from the phone on social media
C) Let anyone access phone to look for info
D) Hand phone to client for safekeeping
  • 50. After a major incident, which customer-relations strategy best demonstrates evaluative leadership?
A) Provide transparent incident report, outline corrective actions, offer remediation where appropriate, and solicit client feedback for continuous improvement
B) Provide a generic press release only
C) Ignore clients to avoid panic
D) Blame clients for causing incident
  • 51. A guard notices a pattern of petty thefts correlated with a specific vendor shift. Which investigative action best demonstrates analytical intelligence?
A) Remove vendor without cause
B) Review vendor access logs, reconcile deliveries, interview staff, and recommend vendor audits and strengthened access controls
C) Ignore since thefts are petty
D) Confront vendor employees immediately
  • 52. For measuring investigative competence, which evaluation method demonstrates HOTS?
A) Asking trainees if they feel confident
B) Practical casework assessment requiring chain-of-custody, witness interview, analytical timeline, and prosecutable report reviewed by external expert
C) Quiz on definitions
D) Observing attendance only
  • 53. A guard must decide whether to detain a person found with a suspicious keycard. Which decision shows legal and investigative reasoning?
A) Assess card ownership via access logs, interview the person, secure evidence, and detain only if probable cause exists and legal authority is clear
B) Ignore the keycard since it’s not a weapon
C) Immediately arrest the person without cause
D) Destroy the keycard to prevent misuse
  • 54. A security manager needs to reallocate training hours after a budget cut. Which analytical choice best preserves investigative readiness?
A) Outsource all training abroad
B) Prioritize scenario-based, high-impact modules (e.g., evidence handling, interview skills), cross-train supervisors, and use blended learning to save costs
C) Replace training with memos
D) Cancel all investigative training
  • 55. A guard observes a senior staff member bypassing access controls. Which response best demonstrates professional integrity and investigative judgment?
A) Ignore due to seniority
B) Copy the senior staff’s behavior
C) Confront publicly and humiliate the staff member
D) Discreetly document the breach, report via appropriate channels, and follow up with a compliance investigation regardless of rank
  • 56. A client requests summary intelligence on theft patterns across their multiple sites. Which analytic product best meets their needs?
A) Comparative incident trend analysis with heat maps, root-cause insights, and prioritized remediation recommendations across sites
B) Raw incident logs with no analysis
C) One-line email saying “everything’s fine”
D) A single site’s incident report only
  • 57. During a simulated active aggression drill, which trainee behavior shows creating-level mastery?
A) Leaving the area immediately
B) Hiding from the drill
C) Shouting to scare suspect away
D) Developing a controlled, multi-step response integrating de-escalation, team coordination, evidence preservation, and post-incident documentation plan
  • 58. In preparing investigators, which policy ensures integrity of witness interviews?
A) Encourage leading questions to speed up results
B) Offer witnesses money to change statements
C) Allow informal interviews with no record
D) Use structured interview protocols, record sessions (where legal), document non-leading questioning, and protect witness confidentiality to maintain credibility
  • 59. A security team must convert raw intelligence into actionable tasks. Which prioritization method best demonstrates HOTS reasoning?
A) Act on the first tip received
B) Randomly choose tasks
C) Prioritize by risk (likelihood × impact), feasibility, legal constraints, and potential to prevent harm, then assign resources accordingly
D) Only pursue tasks that are easy
  • 60. A guard must create an incident narrative for prosecution. Which approach shows evaluative skills?
A) Produce objective, chronological facts, corroborate with evidence, avoid opinion, and include evidence logs and witness details for legal scrutiny
B) Include hearsay as fact
C) Omit inconvenient facts
D) Write emotional descriptions to sway court
  • 61. A newly contracted warehouse has repeated after-hours break-ins. Which step in a security survey demonstrates analytical evaluation before recommending countermeasures?
A) Hand the problem to the client
B) Replace lock hardware only
C) Immediately hire more guards
D) Conduct a site survey mapping vulnerabilities, crime patterns, access points, lighting, CCTV blind spots, and then match controls to quantified risk priorities
  • 62. After a risk assessment, management must choose between two mitigation options: costlier CCTV coverage or hiring additional guards. Which decision-making approach best aligns with risk management principles?
A) Perform cost-benefit analysis, consider residual risk, deterrence effects, and long-term total cost of ownership before selecting a layered solution
B) Flip a coin
C) Choose the cheaper option
D) Pick both regardless of budget
  • 63. While performing a personnel security review, you find several positions lack background checks. Which remedial plan best balances continuity and compliance?
A) Wait for an incident to act
B) Fire all unvetted personnel immediately
C) Ignore the oversight
D) Implement urgent background checks for critical roles, temporary restrictions on sensitive access, and a schedule to complete checks for all relevant staff
  • 64. A facility’s document-handling SOPs permit broad internal copying of sensitive records. Which change will best reduce information security risk while preserving operations?
A) Introduce classification levels, need-to-know access, logging of sensitive document handling, and secure disposal procedures balanced with business needs
B) Ban all internal copying
C) Store all records outside the facility only
D) Allow anyone access if they request it
  • 65. During BCP planning, which business process should be prioritized for recovery if it directly supports life safety?
A) Evacuation communications, emergency medical response coordination, and secured access to critical safety systems
B) Marketing campaign systems
C) Payroll processing
D) The coffee vending machine
  • 66. An auditor asks for evidence that proposed security controls reduce risk. Which evaluation method provides the strongest proof?
A) Verbal assurance only
B) Pilot implementation with metrics: incident rates pre/post, penetration test results, and quantitative risk reduction modeling
C) Testimonials without data
D) Photo of new equipment only
  • 67. A perimeter fence upgrade is considered low priority but highly visible to customers. What advanced recommendation most appropriately balances security effectiveness with stakeholder expectations?
A) Opt for an ornamental fence for appearance only
B) Recommend a layered approach: discreet intrusion detection, natural surveillance improvements (lighting/landscaping), and targeted fencing where risk justifies it
C) Ignore both risk and appearance
D) Build the thickest, most aggressive fence possible regardless of impact
  • 68. A company wants to digitize personnel files. Which information-security control should be applied first?
A) Only password-protect with a generic password
B) Post files on a public drive for convenience
C) Save on local desktops only
D) Implement access controls, encryption, audit logging, role-based permissions, and a documented retention/destruction policy before digitization
  • 69. A supply-chain disruption threatens critical components. Which BCP step best demonstrates HOTS planning?
A) Activate contingency suppliers, prioritize critical processes for recovery, implement manual fallback procedures, and communicate with stakeholders per the BCP
B) Hope the supplier resumes quickly
C) Close operations until supplier returns
D) Blame the supplier publicly
  • 70. A security survey shows repeated tailgating at main gates. Which multi-layered control plan best addresses the root cause?
A) Replace guards with a single camera only
B) Increase gate height alone
C) Allow tailgating during busy hours
D) Combine physical barriers, access credential upgrades, anti-tailgate technology, staff training, and monitoring with enforcement policies and sanctions
  • 71. Evaluating a document security breach, which analytical sequence will best determine corrective measures?
A) Ignore if not publicized
B) Fire a random staff member
C) Map the leak pathway (who had access), review controls, interview staff, assess extent of compromise, and implement technical/administrative remediations and monitoring
D) Delete the breached files to hide the issue
  • 72. Which risk treatment option best demonstrates an evidence-based approach for high-likelihood, low-impact threats?
A) Spend maximum budget to eliminate them entirely
B) Ignore such threats entirely
C) Wait until something happens before deciding
D) Accept where cost of mitigation exceeds impact, but monitor and periodically reassess; implement low-cost controls where feasible
  • 73. For information security, which control best addresses both insider threat and business continuity?
A) Use a single master password for ease
B) Implement least-privilege access, session monitoring, privileged access management, and documented emergency override procedures with audit trails
C) Give administrators full access with no oversight
D) Remove all admin privileges from everyone permanently
  • 74. A new manufacturing line adds unknown risks. Which planning approach best ensures resilient operations?
A) Conduct a targeted risk assessment, integrate controls into process design, update BCP and recovery priorities, and train staff before commissioning
B) Rely on insurance to cover problems
C) Start production immediately and adapt later
D) Outsource risk to contractors
  • 75. When evaluating CCTV placement, which analytic consideration yields the best coverage plan?
A) Use threat scenarios, sightlines, lighting conditions, image retention needs, privacy impacts, and integration with response procedures to optimize placement
B) Cover only entrances and ignore interior zones
C) Place cameras randomly to cover all walls
D) Place them only where cosmetically appropriate
  • 76. A critical document is accidentally made public. Which immediate response demonstrates proper incident management and continuity planning?
A) Blame the IT department without analysis
B) Delete the document and hope for the best
C) Contain exposure, assess scope, notify affected parties per policy, apply legal/PR strategies, and strengthen access controls to prevent recurrence
D) Ignore unless someone complains
  • 77. Which combination of countermeasures best reduces both physical theft and data exfiltration risks at a sensitive research lab?
A) Allow open access to foster collaboration
B) Only increase signage about confidentiality
C) Access control, visitor vetting, CCTV, data segmentation, endpoint protection, and strict document handling policies with staff vetting and monitoring
D) Lock doors only
  • 78. A building’s emergency generator fails during a drill. Which analytic step best informs BCP revision?
A) Replace the generator with the same model without analysis
B) Dismiss the failure as a fluke
C) Cancel future drills to avoid failures
D) Conduct root-cause analysis, test redundancy, evaluate manual workarounds, update recovery time objectives (RTOs), and schedule corrective maintenance and alternate backup sources
  • 79. A security plan must address both low- and high-probability catastrophic events. Which planning principle ensures resource-efficient resilience?
A) Only plan for everyday minor events
B) Treat all events equally
C) Use risk-based prioritization focusing on high-impact events first, adopt proportional controls, and incorporate scalable contingency options
D) Only buy the most expensive mitigation available
  • 80. For personnel security, which hiring control best minimizes fraud risk in finance roles?
A) Only check identity documents
B) Require multi-source reference checks, financial background screenings, integrity testing, and role-specific monitoring with separation of duties
C) Hire quickly without vetting to fill vacancies
D) Hire friends of management only
  • 81. A plan relies entirely on vendor cloud backup. Which risk assessment finding should prompt a change?
A) Rely on on-premises tapes only without testing
B) Single-point-of-failure in vendor dependency; recommend multi-region/backups, contractual SLAs, and test restores to ensure recovery capability
C) Cancel backups altogether
D) No change is needed; cloud providers are always reliable
  • 82. A critical corridor is both a fire route and a security chokepoint. Which design remedy best balances safety and security requirements?
A) Use alarmed, access-controlled doors that comply with egress codes (fail-safe mechanisms), combined with monitoring and clear signage to preserve life-safety while securing areas
B) Keep the corridor unlocked for convenience
C) Use bolt locks that require keys and prevent escape
D) Block the corridor to prevent unauthorized access
  • 83. A data classification scheme is inconsistent across departments. What corrective action best improves document security governance?
A) Implement enterprise-wide classification policy, training, and enforcement with tools for labeling and automated controls tied to BCP priorities
B) Delete old classifications
C) Let each department do as they wish
D) Outsource classification to an external vendor with no integration
  • 84. A risk register lists many low-priority items. For efficient planning, which analytical step best optimizes resource allocation?
A) Spend budget evenly across all items
B) Discard all low-priority risks entirely
C) Treat low-priority items first
D) Group similar risks, assess aggregated impact, reprioritize by combined likelihood and impact, and address clusters with single controls where effective
  • 85. During penetration testing, testers exploited access via an unmonitored utility entrance. Which control revision best mitigates this vector?
A) Remove all utility entrances and relocate utilities
B) Ignore since utilities are low profile
C) Add access control, monitoring, staff awareness, and integrate the utility entrance into patrol and CCTV coverage with procedural checks
D) Close the entrance permanently
  • 86. A key supplier is in an unstable region. Which BCP strategy best ensures continuity of supply?
A) Do nothing and hope the supplier remains stable
B) Develop alternate suppliers, maintain safety stock for critical items, and create contractual contingencies and rapid switch-over procedures
C) Rely on the supplier’s assurances only
D) Move all production to the unstable region
  • 87. After a security survey, you recommend layered access control. Which justification best convinces senior management?
A) Offer anecdotal stories only
B) Say it looks more professional
C) Present quantified risk reduction, ROI estimate, incident-avoidance costs vs. implementation cost, and regulatory/compliance benefits for decision-making
D) Claim it is mandatory without evidence
  • 88. For continuity, which testing regimen provides the strongest assurance that the BCP will work during real events?
A) Only read the BCP document annually
B) A tabletop exercise only every five years
C) Outsource testing and ignore results
D) Regular drills of full-scale recovery, desktop scenario testing, supplier continuity tests, and evidence-based post-exercise improvements with timelines
  • 89. A building uses open Wi-Fi in public areas. To reduce information security risk without hindering customer experience, which plan best balances both concerns?
A) Implement segmented guest networks isolated from corporate resources, enforce bandwidth/security policies, and present clear acceptable-use terms
B) Use the corporate network for guests
C) Display passwords publicly in the lobby
D) Remove Wi-Fi entirely
  • 90. A company is required to recover operations within 24 hours. Which planning step best ensures this recovery time objective (RTO) is achievable?
A) Reduce employee hours to save costs and hope for the best
B) Only purchase extra servers without testing
C) Assume systems will be back in time by luck
D) Map critical processes, identify dependencies, establish recovery strategies (hot/warm sites), test restores, and align resource allocations to meet the RTO
  • 91. When redesigning a retail complex for CPTED (Crime Prevention Through Environmental Design), which integrated change best demonstrates synthesis of theory and practice?
A) Install only high fences with barbed wire
B) Reconfigure sightlines with low landscaping, optimize lighting, create natural surveillance, control access, and combine signage and territorial reinforcement to reduce crime opportunities
C) Add metal detectors only
D) Add more security guards only
  • 92. Evaluating CPTED vs. mechanistic security for a mixed-use urban plaza, which argument best reflects high-level analysis?
A) CPTED is obsolete
B) Mechanistic security always wins
C) Use only police patrols and nothing else
D) A hybrid approach that uses CPTED for long-term social prevention and targeted mechanical systems for high-risk nodes yields better resilience and community acceptance
  • 93. A proposed building layout creates many blind corridors. From an architectural-security perspective, which redesign principle best reduces risk while preserving aesthetics?
A) Add murals to decorate blind spots only
B) Close the corridors permanently
C) Keep blind corridors and increase patrols only
D) Introduce transparency (glass), natural surveillance points, mirrored sightlines, and controlled access while maintaining aesthetic coherence
  • 94. Urban planners want to discourage loitering that fuels petty crime but not alienate legitimate users. Which policy best balances security philosophy and public access?
A) Close the space at night permanently
B) Remove seating entirely to prevent anyone from staying
C) Design inclusive public spaces with active uses (cafés, vendor stalls), adequate lighting, seating that discourages long-term loitering in sensitive areas, and community policing initiatives
D) Enforce blanket anti-loitering laws harshly
  • 95. A high-rise integrates security into façade design. Which design decision best demonstrates creative application of physical security principles?
A) Hide guards in basements only
B) Add visible armed sentries on every corner of the roof
C) Cover the façade with solid metal plates
D) Use architectural features (bollards disguised as planters, setback landscaping, and reinforced glazing) that provide protection without visible fortress aesthetics
  • 96. For a campus experiencing repeated thefts from parked vehicles, which multi-disciplinary solution best applies theory to practice?
A) Reorganize parking into well-lit, surveilled zones, increase natural surveillance through foot traffic patterns, add controlled access points, and run community awareness campaigns
B) Ban parking entirely
C) Only hand out pamphlets about theft prevention
D) Install random spikes that damage tires to stop parking
  • 97. A new mall design could either concentrate retail in a single atrium or distribute shops across multiple nodes. Which layout better applies security philosophy to reduce target attractiveness while preserving commerce?
A) Distributed nodes with clear sightlines, controlled access points, and secure back-of-house circulation to reduce single-point-target risk and support emergency egress
B) Randomly place shops with no planning
C) One concentrated atrium for maximum density
D) Hide all shops behind secured doors only accessible by staff
  • 98. Which philosophical justification best supports integrating community engagement into physical security planning for neighborhoods?
A) Engaged communities increase social cohesion, informal guardianship, and long-term deterrence, reducing reliance on costly mechanical controls and improving legitimacy of security measures
B) Only technology can prevent crime, community engagement is irrelevant
C) Community input always increases crime
D) Community engagement slows down planning
  • 99. A security architect must reconcile heritage preservation with modern security needs. Which solution best balances both goals?
A) Ignore security to preserve authenticity
B) Use reversible, non-invasive security installations (discreet cameras, mobile access solutions, sympathetic barriers) and collaborate with conservationists to maintain historical integrity while improving protection
C) Build a separate modern structure next to the heritage site and move everything there
D) Replace the heritage site with a modern fortress
  • 100. When evaluating a proposal for hostile vehicle mitigation on a public promenade, which analytical framework best ensures both safety and urban amenity?
A) Close the promenade to the public permanently
B) Use temporary measures only during festivals
C) Use graduated measures (landscaped barriers, retractable bollards, widened sidewalks, setback café zones) combined with pedestrian experience analysis and emergency access planning to balance protection and livability
D) Install visible concrete blocks everywhere