A) Speed of contract signing
B) Number of guards available this month
C) Contractor reputation, licensing compliance, and personnel training records
D) Lowest bid from contractors

A) Ignore it if no incident occurred
B) Fire the negligent staff immediately
C) Conduct an audit of all personnel files and implement corrective registration and training actions
D) Blame outsourced HR

A) Client satisfaction surveys only
B) Number of arrests made
C) Percentage of personnel with up-to-date certifications, completed training hours, and records of disciplinary actions
D) Average daily patrols logged

A) Make SOPs only for supervisors
B) Use risk assessment results, stakeholder input, and mandatory provisions of RA 11917 to create measurable SOPs and training plans
C) Keep SOPs informal to allow flexibility
D) Copy SOPs from a competitor

A) Upgrade CCTV only
B) Hire more administrative staff
C) Delay both until next fiscal year
D) Invest in prioritized training for key skills and minimum equipment upgrades ensuring competence and compliance

A) Implement but keep it undocumented
B) Refuse, explain legal/professional limits, propose compliant alternatives, and document the interaction
C) Ignore the request
D) Comply to keep the client

A) Only update senior management
B) Immediately integrate rules into SOPs, train staff, and create monitoring KPIs with audit schedules
C) Announce them once to staff
D) Wait for enforcement visits

A) Ignore since violations are minor
B) Terminate the night shift supervisor instantly
C) Transfer the guards to day shift
D) Analyze root causes, update training, adjust schedules, and implement supervisory spot-checks to prevent recurrence

A) Hide gaps from inspectors
B) Prioritize corrective documentation practices, assign owners, and run weekly compliance reviews until stable
C) Assume auditors won’t notice
D) Do nothing until an inspection occurs

A) Terminate immediately without investigation
B) Defend the officer publicly without investigation
C) Suspend pending a fair investigation, document findings, coordinate with the licensing authority if required, and follow due process
D) Ignore the complaint

A) Deny involvement and stay silent
B) Conduct transparent internal review, communicate corrective measures to stakeholders, and update training/policies
C) Fire personnel and keep it secret
D) Blame the client

A) Use biometrics only for some staff inconsistently
B) Develop data protection procedures, obtain consent, limit access rights, and train personnel on privacy obligations
C) Install without policies
D) Share biometrics openly with clients

A) It increases arrests
B) It may incentivize improper conduct; instead, design balanced KPIs that reward lawful, professional behavior and client service
C) It’s standard practice everywhere
D) It reduces costs

A) Hire local guards immediately
B) Announce expansion on social media
C) Copy existing contracts without change
D) Legal/regulatory compliance check, local licensing requirements, market risk assessment, and staffing plan aligned with professional standards

A) Ignore morale, focus on outputs
B) Redesign shift rosters, hire additional staff, provide welfare and training, and monitor service quality metrics
C) Require overtime indefinitely
D) Cut rest breaks to increase coverage

A) Use a single multiple-choice test
B) Count attendance only
C) Ask trainers if they liked it
D) Pre/post competency testing, practical assessments, field audits, and follow-up performance metrics tied to SOPs

A) Hide the incident forever
B) Partially redact and send a false summary
C) Refuse, explain legal obligations, report as required, and propose reputational management strategies that are lawful
D) Cooperate without question

A) Public acknowledgement of breach, corrective plan, assigned responsibilities, and transparent progress reports to stakeholders and regulators
B) Firing CEO immediately without investigation
C) Only disciplining frontline staff
D) Ignoring the breach

A) Valid licensing/certification, background check clearance, competency in required skills, and evidence of integrity
B) Age alone
C) Willingness to work for low pay
D) Physical strength only

A) Ignore the commander
B) Reduce patrols to save money
C) Perform a risk assessment, quantify impact on safety/service, propose an optimized deployment that balances cost and risk mitigation
D) Replace patrols with fewer cameras only

A) Conducting internal compliance audit using the law’s checklist, fix issues, and prepare evidence of corrective actions
B) Hiding records likely to be queried
C) Only updating documents on the audit day
D) Waiting for audit feedback

A) Promote only by seniority
B) No career path, only daily tasks
C) Create a competency-based career ladder with mandatory training milestones, certifications, and mentorships tied to promotions
D) Promote relatives of managers

A) Replace documentation without action
B) Ignore to keep numbers clean
C) Immediately investigate, validate qualifications, discipline per policy, notify licensing board if needed, and remediate training gaps
D) Terminate entire staff at once

A) Clear roles/responsibilities, communication protocols, legal compliance steps, and training/testing schedules
B) Only evacuation routes
C) Only a list of emergency contacts without procedures
D) A vague description of roles

A) No contract needed
B) Only verbal assurances from vendor
C) Vendor qualification, standard operating procedures, data protection clauses, and periodic verification audits
D) Full delegation without oversight

A) Clear, consistent disciplinary procedures with due process and appeals, proportionate sanctions, and rehabilitation options
B) No discipline to avoid conflict
C) Punishments only for low-ranking personnel
D) Arbitrary punishments to deter misconduct

A) Number of client complaints ignored
B) Number of social media posts about compliance
C) Total number of guards hired this year
D) Percentage of staff current with licensing, passing rates on competency tests, and reduction in incident recurrence

A) Cheaper vendor to save funds
B) Accredited vendor to ensure compliance and quality of professional competency
C) Choose randomly
D) Use in-house unstructured training only

A) Never share any data
B) Only verbal summaries without records
C) Share raw staff notes
D) Standardized incident reports with factual details, timelines, and corrective actions while protecting privacy and legal rights

A) Deploy immediately to gain advantage
B) Halt deployment until legal compliance review, risk assessment, and policy updates are completed
C) Ignore licensing and assume no consequences
D) Deploy selectively without oversight

A) Call supervisor only after incident
B) Escort the customer off premises immediately without documentation
C) Use force to end argument
D) Apply verbal de-escalation, preserve evidence, capture witness statements, and file an objective incident report for investigative follow-up

A) Mark complaint as resolved without investigation
B) Fire the guard immediately without assessment
C) Blame the complainant
D) Analyze training records, situational transcripts, supervisor oversight, and cultural-competency gaps to redesign training modules

A) Watch a video about investigations
B) Only practice radio communication
C) Simulate a complex theft, require teams to collect evidence lawfully, interview witnesses, chain evidence, analyze motive, and prepare prosecutable documentation
D) Memorize the steps of filing a report

A) Ignore unless theft occurs
B) Secure the area, discreetly observe, collect non-intrusive intelligence, escalate to authorized investigators, and preserve chain of custody for any evidence
C) Confront aggressively and interrogate
D) Publicly accuse individuals

A) Blame CCTV system
B) Cross-check access logs, interview guards and staff, analyze patterns, seek physical evidence, and map possible timelines to reconstruct events
C) Accept client’s claim without verification
D) Replace missing item immediately

A) Multiple-choice Only
B) Timed obstacle course
C) A practical exercise presenting ambiguous threat levels where trainee articulates proportional response, legal justification, and post-incident reporting steps
D) True/false quiz

A) Evaluate request, seek management approval, document exceptions, and ensure legal and safety approvals are met before altering protocols
B) Handle privately without documentation
C) Refuse all VIP requests automatically
D) Grant all VIP requests regardless of policy

A) Send a company-wide email accusing staff
B) Initiate discreet intelligence collection, limit disclosure to need-to-know, correlate access histories, and coordinate with HR and legal before a covert operation or disciplinary action
C) Ignore the possibility
D) Accuse the suspected employee publicly

A) Evacuate only employees and leave customers
B) Lock doors and continue operations
C) Evacuate without informing customers of exits
D) Provide clear, calm instructions, designate staff to assist vulnerable customers, communicate updates, and ensure post-evacuation accountability and client communications

A) Ignore contradictions and accept the first statement
B) Choose the statement that fits a manager’s preconception
C) Discard all statements as unreliable
D) Cross-validate statements with physical evidence, timelines, and CCTV; assess witness credibility and corroborate with independent sources

A) Watching sample report videos
B) Reading sample reports
C) Copying a template report
D) Trainees must draft a full investigative report from a simulated incident, including chain-of-custody forms, legal considerations, and executive summary for stakeholders

A) Never detain to avoid trouble
B) Always detain suspects regardless of evidence
C) Evaluate probable cause, safety, legal authority, risk to the public, and document justification for detention consistent with law and organizational policy
D) Detain only if manager is present

A) Withhold all incident information
B) Implement a confidential incident feedback loop, transparent service-level reporting, and regular stakeholder briefings while protecting sensitive intelligence
C) Share raw intelligence files externally
D) Market and publicize internal investigations widely

A) Continue searching without reporting
B) Post chase details on social media
C) Ignore documenting the chase
D) Immediately secure scene, interview witnesses, note pursuit details (times, directions), coordinate with police, and ensure bodycam/CCTV capture preserved

A) Number of compliments only
B) Number of calls to security center
C) Response time, resolution effectiveness, lawful conduct incidents, follow-up documentation quality, and client satisfaction surveys analyzed for training gaps
D) Number of guard selfies with clients

A) Focus only on physical security
B) Integrate physical forensics, digital forensics, personnel access records, vendor contract review, and external threat intelligence to determine motive and actors
C) Fire a random employee to deter sabotage
D) Blame external competitors without proof

A) Ignore since performance is otherwise good
B) Facilitate scenario-based bias-awareness training, role-play customer-relations simulations, and evaluate behavior changes through supervision and feedback
C) Give a written warning only
D) Immediately terminate the trainee

A) Use raw messages with no analysis
B) Executive summary, threat assessment with evidence, impact analysis, recommended mitigations, and prioritized action plan with resource estimates
C) Long narrative without conclusions
D) Bullet list of rumors

A) Let anyone access phone to look for info
B) Isolate device (airplane mode), document chain-of-custody, avoid powering on/off unnecessarily, and coordinate with digital forensics specialists for imaging
C) Hand phone to client for safekeeping
D) Post images from the phone on social media

A) Ignore clients to avoid panic
B) Provide a generic press release only
C) Provide transparent incident report, outline corrective actions, offer remediation where appropriate, and solicit client feedback for continuous improvement
D) Blame clients for causing incident

A) Review vendor access logs, reconcile deliveries, interview staff, and recommend vendor audits and strengthened access controls
B) Ignore since thefts are petty
C) Remove vendor without cause
D) Confront vendor employees immediately

A) Practical casework assessment requiring chain-of-custody, witness interview, analytical timeline, and prosecutable report reviewed by external expert
B) Quiz on definitions
C) Asking trainees if they feel confident
D) Observing attendance only

A) Immediately arrest the person without cause
B) Assess card ownership via access logs, interview the person, secure evidence, and detain only if probable cause exists and legal authority is clear
C) Destroy the keycard to prevent misuse
D) Ignore the keycard since it’s not a weapon

A) Replace training with memos
B) Cancel all investigative training
C) Prioritize scenario-based, high-impact modules (e.g., evidence handling, interview skills), cross-train supervisors, and use blended learning to save costs
D) Outsource all training abroad

A) Confront publicly and humiliate the staff member
B) Copy the senior staff’s behavior
C) Ignore due to seniority
D) Discreetly document the breach, report via appropriate channels, and follow up with a compliance investigation regardless of rank

A) Comparative incident trend analysis with heat maps, root-cause insights, and prioritized remediation recommendations across sites
B) A single site’s incident report only
C) One-line email saying “everything’s fine”
D) Raw incident logs with no analysis

A) Leaving the area immediately
B) Hiding from the drill
C) Shouting to scare suspect away
D) Developing a controlled, multi-step response integrating de-escalation, team coordination, evidence preservation, and post-incident documentation plan

A) Offer witnesses money to change statements
B) Allow informal interviews with no record
C) Use structured interview protocols, record sessions (where legal), document non-leading questioning, and protect witness confidentiality to maintain credibility
D) Encourage leading questions to speed up results

A) Only pursue tasks that are easy
B) Randomly choose tasks
C) Prioritize by risk (likelihood × impact), feasibility, legal constraints, and potential to prevent harm, then assign resources accordingly
D) Act on the first tip received

A) Include hearsay as fact
B) Produce objective, chronological facts, corroborate with evidence, avoid opinion, and include evidence logs and witness details for legal scrutiny
C) Write emotional descriptions to sway court
D) Omit inconvenient facts

A) Replace lock hardware only
B) Hand the problem to the client
C) Immediately hire more guards
D) Conduct a site survey mapping vulnerabilities, crime patterns, access points, lighting, CCTV blind spots, and then match controls to quantified risk priorities

A) Choose the cheaper option
B) Pick both regardless of budget
C) Perform cost-benefit analysis, consider residual risk, deterrence effects, and long-term total cost of ownership before selecting a layered solution
D) Flip a coin

A) Implement urgent background checks for critical roles, temporary restrictions on sensitive access, and a schedule to complete checks for all relevant staff
B) Ignore the oversight
C) Wait for an incident to act
D) Fire all unvetted personnel immediately

A) Ban all internal copying
B) Allow anyone access if they request it
C) Store all records outside the facility only
D) Introduce classification levels, need-to-know access, logging of sensitive document handling, and secure disposal procedures balanced with business needs

A) The coffee vending machine
B) Evacuation communications, emergency medical response coordination, and secured access to critical safety systems
C) Payroll processing
D) Marketing campaign systems

A) Testimonials without data
B) Photo of new equipment only
C) Pilot implementation with metrics: incident rates pre/post, penetration test results, and quantitative risk reduction modeling
D) Verbal assurance only

A) Ignore both risk and appearance
B) Opt for an ornamental fence for appearance only
C) Recommend a layered approach: discreet intrusion detection, natural surveillance improvements (lighting/landscaping), and targeted fencing where risk justifies it
D) Build the thickest, most aggressive fence possible regardless of impact

A) Implement access controls, encryption, audit logging, role-based permissions, and a documented retention/destruction policy before digitization
B) Save on local desktops only
C) Post files on a public drive for convenience
D) Only password-protect with a generic password

A) Close operations until supplier returns
B) Blame the supplier publicly
C) Activate contingency suppliers, prioritize critical processes for recovery, implement manual fallback procedures, and communicate with stakeholders per the BCP
D) Hope the supplier resumes quickly

A) Allow tailgating during busy hours
B) Increase gate height alone
C) Replace guards with a single camera only
D) Combine physical barriers, access credential upgrades, anti-tailgate technology, staff training, and monitoring with enforcement policies and sanctions

A) Fire a random staff member
B) Map the leak pathway (who had access), review controls, interview staff, assess extent of compromise, and implement technical/administrative remediations and monitoring
C) Delete the breached files to hide the issue
D) Ignore if not publicized

A) Ignore such threats entirely
B) Accept where cost of mitigation exceeds impact, but monitor and periodically reassess; implement low-cost controls where feasible
C) Spend maximum budget to eliminate them entirely
D) Wait until something happens before deciding

A) Give administrators full access with no oversight
B) Use a single master password for ease
C) Remove all admin privileges from everyone permanently
D) Implement least-privilege access, session monitoring, privileged access management, and documented emergency override procedures with audit trails

A) Outsource risk to contractors
B) Start production immediately and adapt later
C) Rely on insurance to cover problems
D) Conduct a targeted risk assessment, integrate controls into process design, update BCP and recovery priorities, and train staff before commissioning

A) Place them only where cosmetically appropriate
B) Place cameras randomly to cover all walls
C) Use threat scenarios, sightlines, lighting conditions, image retention needs, privacy impacts, and integration with response procedures to optimize placement
D) Cover only entrances and ignore interior zones

A) Delete the document and hope for the best
B) Ignore unless someone complains
C) Contain exposure, assess scope, notify affected parties per policy, apply legal/PR strategies, and strengthen access controls to prevent recurrence
D) Blame the IT department without analysis

A) Allow open access to foster collaboration
B) Lock doors only
C) Only increase signage about confidentiality
D) Access control, visitor vetting, CCTV, data segmentation, endpoint protection, and strict document handling policies with staff vetting and monitoring

A) Dismiss the failure as a fluke
B) Cancel future drills to avoid failures
C) Replace the generator with the same model without analysis
D) Conduct root-cause analysis, test redundancy, evaluate manual workarounds, update recovery time objectives (RTOs), and schedule corrective maintenance and alternate backup sources

A) Use risk-based prioritization focusing on high-impact events first, adopt proportional controls, and incorporate scalable contingency options
B) Only plan for everyday minor events
C) Treat all events equally
D) Only buy the most expensive mitigation available

A) Only check identity documents
B) Hire friends of management only
C) Hire quickly without vetting to fill vacancies
D) Require multi-source reference checks, financial background screenings, integrity testing, and role-specific monitoring with separation of duties

A) Cancel backups altogether
B) No change is needed; cloud providers are always reliable
C) Rely on on-premises tapes only without testing
D) Single-point-of-failure in vendor dependency; recommend multi-region/backups, contractual SLAs, and test restores to ensure recovery capability

A) Use bolt locks that require keys and prevent escape
B) Use alarmed, access-controlled doors that comply with egress codes (fail-safe mechanisms), combined with monitoring and clear signage to preserve life-safety while securing areas
C) Keep the corridor unlocked for convenience
D) Block the corridor to prevent unauthorized access

A) Let each department do as they wish
B) Implement enterprise-wide classification policy, training, and enforcement with tools for labeling and automated controls tied to BCP priorities
C) Delete old classifications
D) Outsource classification to an external vendor with no integration

A) Group similar risks, assess aggregated impact, reprioritize by combined likelihood and impact, and address clusters with single controls where effective
B) Treat low-priority items first
C) Spend budget evenly across all items
D) Discard all low-priority risks entirely

A) Ignore since utilities are low profile
B) Remove all utility entrances and relocate utilities
C) Add access control, monitoring, staff awareness, and integrate the utility entrance into patrol and CCTV coverage with procedural checks
D) Close the entrance permanently

A) Rely on the supplier’s assurances only
B) Do nothing and hope supplier remains stable
C) Develop alternate suppliers, maintain safety stock for critical items, and create contractual contingencies and rapid switch-over procedures
D) Move all production to the unstable region

A) Present quantified risk reduction, ROI estimate, incident-avoidance costs vs. implementation cost, and regulatory/compliance benefits for decision-making
B) Offer anecdotal stories only
C) Says it looks more professional
D) Claim it is mandatory without evidence

A) A tabletop exercise only every five years
B) Outsource testing and ignore results
C) Regular drills of full-scale recovery, desktop scenario testing, supplier continuity tests, and evidence-based post-exercise improvements with timelines
D) Only read the BCP document annually

A) Remove Wi-Fi entirely
B) Display passwords publicly in the lobby
C) Use the corporate network for guests
D) Implement segmented guest networks isolated from corporate resources, enforce bandwidth/security policies, and present clear acceptable-use terms

A) Assume systems will be back in time by luck
B) Reduce employee hours to save costs and hope for the best
C) Map critical processes, identify dependencies, establish recovery strategies (hot/warm sites), test restores, and align resource allocations to meet the RTO
D) Only purchase extra servers without testing

A) Reconfigure sightlines with low landscaping, optimize lighting, create natural surveillance, control access, and combine signage and territorial reinforcement to reduce crime opportunities
B) Add metal detectors only
C) Install only high fences with barbed wire
D) Add more security guards only

A) CPTED is obsolete
B) A hybrid approach that uses CPTED for long-term social prevention and targeted mechanical systems for high-risk nodes yields better resilience and community acceptance
C) Use only police patrols and nothing else
D) Mechanistic security always wins

A) Keep blind corridors and increase patrols only
B) Add murals to decorate blind spots only
C) Close the corridors permanently
D) Introduce transparency (glass), natural surveillance points, mirrored sightlines, and controlled access while maintaining aesthetic coherence

A) Design inclusive public spaces with active uses (cafés, vendor stalls), adequate lighting, seating that discourages long-term loitering in sensitive areas, and community policing initiatives
B) Enforce blanket anti-loitering laws harshly
C) Remove seating entirely to prevent anyone from staying
D) Close the space at night permanently

A) Cover the façade with solid metal plates
B) Hide guards in basements only
C) Use architectural features (bollards disguised as planters, setback landscaping, and reinforced glazing) that provide protection without visible fortress aesthetics
D) Add visible armed sentries on every corner of the roof

A) Ban parking entirely
B) Install random spikes that damage tires to stop parking
C) Reorganize parking into well-lit, surveilled zones, increase natural surveillance through foot traffic patterns, add controlled access points, and run community awareness campaigns
D) Only hand out pamphlets about theft prevention

A) Randomly place shops with no planning
B) Distributed nodes with clear sightlines, controlled access points, and secure back-of-house circulation to reduce single-point-target risk and support emergency egress
C) One concentrated atrium for maximum density
D) Hide all shops behind secured doors only accessible by staff

A) Only technology can prevent crime, community engagement is irrelevant
B) Community engagement slows down planning
C) Engaged communities increase social cohesion, informal guardianship, and long-term deterrence, reducing reliance on costly mechanical controls and improving legitimacy of security measures
D) Community input always increases crime

A) Build a separate modern structure next to the heritage site and move everything there
B) Use reversible, non-invasive security installations (discreet cameras, mobile access solutions, sympathetic barriers) and collaborate with conservationists to maintain historical integrity while improving protection
C) Replace the heritage site with a modern fortress
D) Ignore security to preserve authenticity

A) Use graduated measures (landscaped barriers, retractable bollards, widened sidewalks, setback café zones) combined with pedestrian experience analysis and emergency access planning to balance protection and livability
B) Install visible concrete blocks everywhere
C) Use temporary measures only during festivals
D) Close the promenade to the public permanently