Which of these is a physical security measure?

Locking server rooms is classified as a physical security measure because it directly involves safeguarding physical assets from unauthorized access or damage. This measure aims to protect hardware, data stored on servers, and other critical infrastructure by restricting entry to only authorized personnel. Implementing physical security like locks, access control systems, and surveillance cameras fundamentally helps in mitigating risks associated with theft, vandalism, or unauthorized access.

The other options are focused on cybersecurity measures rather than physical security. Regular software updates and using antivirus software are necessary for ensuring the integrity and security of software systems against malware and vulnerabilities. Employee cybersecurity training is essential for promoting awareness and best practices related to digital security among staff. However, these do not involve physical barriers or controls but rather focus on protecting information and digital assets. Thus, the focus of this question clearly identifies physical security measures, making locking server rooms the correct choice.