IAHSS Advanced Officer Certification Exam
Prep Document 2026/2027 | Healthcare
Security & Safety | 100 Verified Questions
with Detailed Explanations
Section 1: Security Operations & Access Control (Questions 1–20)
Q1: A hospital security officer observes an individual attempting to tailgate through a secure staff
entrance behind a physician. The individual claims to be a vendor with an appointment. What is the
officer's first priority action?
A. Allow the individual to enter since they have an appointment with a physician
B. Escort the individual to the security desk for full credential verification and visitor registration.
[CORRECT]
C. Ask the physician to vouch for the individual and document the physician's name
D. Deny entry and instruct the individual to use the public entrance only
Correct Answer: B
Rationale: All individuals entering secure areas must be properly credentialed and registered per IAHSS
access control standards; escorting to the security desk ensures verification without compromising the
secure entrance. The physician's presence does not substitute for proper visitor management protocols.
Q2: During a routine patrol, an officer discovers an access control card reader that has been physically
tampered with and appears non-functional. What is the most appropriate immediate response?
A. Place a "Out of Order" sign on the reader and continue the patrol route
B. Notify the security supervisor and post a temporary officer at the location until repairs are completed.
[CORRECT]
C. Attempt to repair the reader using basic tools from the patrol vehicle
D. Document the finding in the daily log and report it at shift change
Correct Answer: B
Rationale: A compromised access control point creates an immediate security vulnerability; posting an
officer maintains physical security while the supervisor coordinates repair and investigation per IAHSS
facility protection protocols.
,Q3: A security officer is conducting a patrol of the parking garage at 0200 hours and notices a vehicle
with its trunk open and no visible owner. The vehicle is parked in a physician-reserved space. What is
the appropriate next step?
A. Close the trunk and leave a note on the windshield
B. Secure the area, document the vehicle information, and notify the security operations center for
owner contact attempt. [CORRECT]
C. Immediately search the vehicle for contraband or stolen property
D. Have the vehicle towed to impound for unauthorized parking
Correct Answer: B
Rationale: Securing the scene and attempting owner contact balances property protection with respect
for physician parking privileges; immediate search or towing without due process violates procedural
standards and could create liability.
Q4: An infant abduction alarm is activated from the maternity unit. The security control room receives
the alert. What is the first action the control room officer must take?
A. Dispatch all available officers to the maternity unit immediately
B. Initiate the infant abduction protocol: lock down designated exit points, review CCTV for suspect
description, and notify local law enforcement and nursing supervisor simultaneously. [CORRECT]
C. Call the nursing supervisor to verify if the alarm is a drill or real event
D. Send a single officer to investigate the alarm source before taking further action
Correct Answer: B
Rationale: Infant abduction protocols require immediate, simultaneous activation of lockdown,
surveillance review, and law enforcement notification; delays for verification or limited response
compromise the critical first minutes of recovery.
Q5: A security officer is asked by nursing staff to remove an aggressive visitor from a patient room. The
visitor is the patient's adult child and is yelling at the nursing staff. What is the officer's primary
consideration before taking action?
A. Whether the visitor has a legal right to be present as next of kin
B. Assessing whether the visitor's behavior constitutes a threat to patient safety, staff safety, or disrupts
clinical operations. [CORRECT]
C. Determining if the visitor has a concealed weapons permit
D. Checking if the visitor has previously been banned from the facility
,Correct Answer: B
Rationale: The officer's authority to remove a visitor is based on behavioral threat assessment and
disruption to care, not relationship status; this aligns with IAHSS standards for visitor management and
patient safety prioritization.
Q6: During a night shift, an officer discovers that a contractor has propped open a fire exit door in the
surgical suite to facilitate equipment movement. What is the correct response?
A. Allow the door to remain propped open until the contractor finishes, then secure it
B. Instruct the contractor to immediately close the door, explain the security and life safety violation,
and notify the supervisor and facilities management. [CORRECT]
C. Remove the door prop and lock the door without speaking to the contractor
D. Document the violation and issue a formal citation to the contractor
Correct Answer: B
Rationale: Fire exit doors must remain closed to maintain fire compartmentalization and prevent
unauthorized access; immediate correction with supervisor notification ensures both life safety
compliance and contractor accountability per Joint Commission and IAHSS standards.
Q7: A security officer is monitoring CCTV and observes a person in street clothes walking through a
restricted clinical corridor carrying a backpack. The person does not appear to have an ID badge visible.
What is the appropriate response sequence?
A. Immediately confront the person physically and demand identification
B. Dispatch the nearest officer to make a professional contact, verify authorization to be in the area, and
escort to appropriate public areas if unauthorized. [CORRECT]
C. Ignore the observation unless the person enters a patient room
D. Announce over the public address system for the individual to report to security
Correct Answer: B
Rationale: Professional contact allows for authorization verification while maintaining a non-
confrontational approach; physical confrontation or public announcements escalate risk unnecessarily,
while ignoring the observation violates proactive security principles.
Q8: An officer is conducting an access control audit and finds that a former employee's access
credentials were never deactivated in the system. The employee was terminated six weeks ago. What is
the most critical immediate action?
, A. Deactivate the credentials and conduct a retroactive audit of all access logs for that credential since
termination. [CORRECT]
B. Deactivate the credentials and add a note to the employee's personnel file
C. Contact the former employee to return the physical access card
D. Report the finding to HR but take no action with the credentials until HR responds
Correct Answer: A
Rationale: Immediate deactivation prevents unauthorized access, and the retroactive log audit is
essential to determine if the credential was used improperly, fulfilling IAHSS due diligence requirements
for terminated personnel access management.
Q9: A hospital is implementing a new electronic key management system for high-security areas such as
the pharmacy and data center. What is the most important security consideration during the transition
period?
A. Keeping the old mechanical keys active as backup during the first month
B. Ensuring dual-control procedures, audit trails, and immediate revocation capabilities are functional
before full deployment. [CORRECT]
C. Training only the security supervisor on the new system to prevent confusion
D. Issuing electronic credentials to all staff simultaneously to expedite implementation
Correct Answer: B
Rationale: Dual-control, audit trails, and immediate revocation are fundamental to high-security key
management; maintaining old keys or bypassing proper controls during transition creates vulnerabilities
that compromise the entire system's integrity.
Q10: An officer responds to a report of a suspicious package left near the main entrance. The package is
unmarked, partially wrapped in brown paper, and has a visible wire protruding from it. What is the
immediate protocol?
A. Open the package carefully to determine its contents
B. Evacuate the immediate area, establish a perimeter, and notify law enforcement and the bomb squad
per the facility's suspicious package protocol. [CORRECT]
C. Move the package to a less populated area of the campus
D. Take a photograph of the package for documentation before touching it
Correct Answer: B
Rationale: Any package with unusual characteristics (unmarked, visible wires) must be treated as a
potential explosive device; evacuation and law enforcement notification are the only appropriate
responses per IAHSS and DHS suspicious package protocols.
Prep Document 2026/2027 | Healthcare
Security & Safety | 100 Verified Questions
with Detailed Explanations
Section 1: Security Operations & Access Control (Questions 1–20)
Q1: A hospital security officer observes an individual attempting to tailgate through a secure staff
entrance behind a physician. The individual claims to be a vendor with an appointment. What is the
officer's first priority action?
A. Allow the individual to enter since they have an appointment with a physician
B. Escort the individual to the security desk for full credential verification and visitor registration.
[CORRECT]
C. Ask the physician to vouch for the individual and document the physician's name
D. Deny entry and instruct the individual to use the public entrance only
Correct Answer: B
Rationale: All individuals entering secure areas must be properly credentialed and registered per IAHSS
access control standards; escorting to the security desk ensures verification without compromising the
secure entrance. The physician's presence does not substitute for proper visitor management protocols.
Q2: During a routine patrol, an officer discovers an access control card reader that has been physically
tampered with and appears non-functional. What is the most appropriate immediate response?
A. Place a "Out of Order" sign on the reader and continue the patrol route
B. Notify the security supervisor and post a temporary officer at the location until repairs are completed.
[CORRECT]
C. Attempt to repair the reader using basic tools from the patrol vehicle
D. Document the finding in the daily log and report it at shift change
Correct Answer: B
Rationale: A compromised access control point creates an immediate security vulnerability; posting an
officer maintains physical security while the supervisor coordinates repair and investigation per IAHSS
facility protection protocols.
,Q3: A security officer is conducting a patrol of the parking garage at 0200 hours and notices a vehicle
with its trunk open and no visible owner. The vehicle is parked in a physician-reserved space. What is
the appropriate next step?
A. Close the trunk and leave a note on the windshield
B. Secure the area, document the vehicle information, and notify the security operations center for
owner contact attempt. [CORRECT]
C. Immediately search the vehicle for contraband or stolen property
D. Have the vehicle towed to impound for unauthorized parking
Correct Answer: B
Rationale: Securing the scene and attempting owner contact balances property protection with respect
for physician parking privileges; immediate search or towing without due process violates procedural
standards and could create liability.
Q4: An infant abduction alarm is activated from the maternity unit. The security control room receives
the alert. What is the first action the control room officer must take?
A. Dispatch all available officers to the maternity unit immediately
B. Initiate the infant abduction protocol: lock down designated exit points, review CCTV for suspect
description, and notify local law enforcement and nursing supervisor simultaneously. [CORRECT]
C. Call the nursing supervisor to verify if the alarm is a drill or real event
D. Send a single officer to investigate the alarm source before taking further action
Correct Answer: B
Rationale: Infant abduction protocols require immediate, simultaneous activation of lockdown,
surveillance review, and law enforcement notification; delays for verification or limited response
compromise the critical first minutes of recovery.
Q5: A security officer is asked by nursing staff to remove an aggressive visitor from a patient room. The
visitor is the patient's adult child and is yelling at the nursing staff. What is the officer's primary
consideration before taking action?
A. Whether the visitor has a legal right to be present as next of kin
B. Assessing whether the visitor's behavior constitutes a threat to patient safety, staff safety, or disrupts
clinical operations. [CORRECT]
C. Determining if the visitor has a concealed weapons permit
D. Checking if the visitor has previously been banned from the facility
,Correct Answer: B
Rationale: The officer's authority to remove a visitor is based on behavioral threat assessment and
disruption to care, not relationship status; this aligns with IAHSS standards for visitor management and
patient safety prioritization.
Q6: During a night shift, an officer discovers that a contractor has propped open a fire exit door in the
surgical suite to facilitate equipment movement. What is the correct response?
A. Allow the door to remain propped open until the contractor finishes, then secure it
B. Instruct the contractor to immediately close the door, explain the security and life safety violation,
and notify the supervisor and facilities management. [CORRECT]
C. Remove the door prop and lock the door without speaking to the contractor
D. Document the violation and issue a formal citation to the contractor
Correct Answer: B
Rationale: Fire exit doors must remain closed to maintain fire compartmentalization and prevent
unauthorized access; immediate correction with supervisor notification ensures both life safety
compliance and contractor accountability per Joint Commission and IAHSS standards.
Q7: A security officer is monitoring CCTV and observes a person in street clothes walking through a
restricted clinical corridor carrying a backpack. The person does not appear to have an ID badge visible.
What is the appropriate response sequence?
A. Immediately confront the person physically and demand identification
B. Dispatch the nearest officer to make a professional contact, verify authorization to be in the area, and
escort to appropriate public areas if unauthorized. [CORRECT]
C. Ignore the observation unless the person enters a patient room
D. Announce over the public address system for the individual to report to security
Correct Answer: B
Rationale: Professional contact allows for authorization verification while maintaining a non-
confrontational approach; physical confrontation or public announcements escalate risk unnecessarily,
while ignoring the observation violates proactive security principles.
Q8: An officer is conducting an access control audit and finds that a former employee's access
credentials were never deactivated in the system. The employee was terminated six weeks ago. What is
the most critical immediate action?
, A. Deactivate the credentials and conduct a retroactive audit of all access logs for that credential since
termination. [CORRECT]
B. Deactivate the credentials and add a note to the employee's personnel file
C. Contact the former employee to return the physical access card
D. Report the finding to HR but take no action with the credentials until HR responds
Correct Answer: A
Rationale: Immediate deactivation prevents unauthorized access, and the retroactive log audit is
essential to determine if the credential was used improperly, fulfilling IAHSS due diligence requirements
for terminated personnel access management.
Q9: A hospital is implementing a new electronic key management system for high-security areas such as
the pharmacy and data center. What is the most important security consideration during the transition
period?
A. Keeping the old mechanical keys active as backup during the first month
B. Ensuring dual-control procedures, audit trails, and immediate revocation capabilities are functional
before full deployment. [CORRECT]
C. Training only the security supervisor on the new system to prevent confusion
D. Issuing electronic credentials to all staff simultaneously to expedite implementation
Correct Answer: B
Rationale: Dual-control, audit trails, and immediate revocation are fundamental to high-security key
management; maintaining old keys or bypassing proper controls during transition creates vulnerabilities
that compromise the entire system's integrity.
Q10: An officer responds to a report of a suspicious package left near the main entrance. The package is
unmarked, partially wrapped in brown paper, and has a visible wire protruding from it. What is the
immediate protocol?
A. Open the package carefully to determine its contents
B. Evacuate the immediate area, establish a perimeter, and notify law enforcement and the bomb squad
per the facility's suspicious package protocol. [CORRECT]
C. Move the package to a less populated area of the campus
D. Take a photograph of the package for documentation before touching it
Correct Answer: B
Rationale: Any package with unusual characteristics (unmarked, visible wires) must be treated as a
potential explosive device; evacuation and law enforcement notification are the only appropriate
responses per IAHSS and DHS suspicious package protocols.
