Monitoring Physical Access

Physical access controls are stronger when they can be monitored and reviewed. A locked door is useful, but a locked door with a badge reader, alarm, camera, and response process is stronger. Monitoring helps answer basic incident questions: Who entered? When? Where? Was the entry authorized? Did someone force or prop the door? Did the person who entered match the credential used?

Guards

Security guards provide judgment that devices cannot. A guard can compare a badge photo to a face, challenge an unknown person, direct visitors, observe suspicious behavior, and call for help. Guards can also make mistakes, so they need procedures, training, post orders, and escalation paths. A guard should know what to do when a delivery arrives without an appointment, when a badge does not match a person, or when an employee asks to bring a visitor into a restricted area.

Guards can be preventive, detective, deterrent, and responsive depending on the scenario. Their visible presence may deter unauthorized entry. Their challenge at a door may prevent it. Their observation of someone entering through an emergency exit may detect it. Their call to facilities after a door alarm may start response.

CCTV

CCTV, or closed-circuit television, provides visual monitoring or recording. Cameras are useful at entrances, exits, loading docks, parking areas, server room doors, cash handling areas, and other sensitive points. However, CCTV does not automatically stop entry unless paired with a response process. A camera that nobody monitors and whose footage is overwritten too quickly may provide little value after an incident.

Good camera programs consider field of view, lighting, retention, privacy, time synchronization, and access to recordings. Time synchronization matters because camera footage may need to match badge logs, alarm events, and IT logs.

Alarms

Alarms create signals when something needs attention. Door forced alarms indicate entry without normal credential use. Door held alarms indicate a door stayed open too long. Motion alarms detect movement in a protected area. Environmental alarms may detect smoke, water, temperature, or humidity issues that threaten equipment availability.

An alarm is only useful if someone receives it, understands it, and responds. A repeated door-held alarm that everyone ignores becomes background noise. Teams should tune alarm thresholds, fix root causes, and document response.

Logs and Correlation

Physical logs include badge events, visitor sign-ins, guard logs, delivery records, alarm records, camera access records, and maintenance entries. During an investigation, these can be correlated with logical logs. For example, if an administrator account changed firewall rules at 2:10 a.m., badge logs and CCTV may show whether the administrator was physically in the office or whether the account was used remotely.

Scenario: Server Room Door Alarm

At 11:47 p.m., a door-held alarm triggers for the server room. Badge logs show an authorized facilities employee entered at 11:43 p.m. CCTV shows the employee propped the door while carrying tools. The guard log shows no scheduled maintenance. This may be a policy violation, a misunderstanding, or suspicious activity. The response should verify the person's identity, confirm whether work was approved, close the door, document the event, and escalate if anything is missing or damaged.

Exam Focus

Do not treat monitoring tools as magic. CCTV, alarms, and logs provide information. Guards and response procedures turn that information into action. The strongest answer often combines multiple records to establish identity, authorization, time, and location.

High-Yield Checkpoints

• Guards provide human judgment, deterrence, verification, and response at physical checkpoints.
• CCTV supports monitoring and investigation but does not replace access control.
• Alarms notify responders about forced doors, propped doors, motion, glass break, or environmental events.
• Logs connect physical events to identity, time, location, and investigation records.
• Physical monitoring is strongest when cameras, guards, alarms, and badge logs are correlated.