ISC SSCP System Security Certified Practitioner (SSCP) SSCP Exam Questions in PDF

Free ISC SSCP Dumps Questions (page: 23)

Which of the following best ensures accountability of users for the actions taken within a system or domain?

  A. Identification
  B. Authentication
  C. Authorization
  D. Credentials

Answer(s): B

Explanation:

The only way to ensure accountability is for the subject to be uniquely identified and then authenticated. Identification alone does not provide proof that the user is who they claim to be; authentication supplies that proof. Only after presenting proper credentials is a user authorized to access resources.


Reference:

HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (page 126).



Which of the following statements pertaining to biometrics is FALSE?

  A. User can be authenticated based on behavior.
  B. User can be authenticated based on unique physical attributes.
  C. User can be authenticated by what he knows.
  D. A biometric system's accuracy is determined by its crossover error rate (CER).

Answer(s): C

Explanation:

Authenticating by what the user knows is not a characteristic of biometrics, so this is the right choice for this question. It is one of the three basic ways authentication can be performed, and it is not related to biometrics. Examples of something you know are a password or a PIN.
Please make a note of the negative 'FALSE' within the question. This question may seem tricky to some of you, but you would be amazed at how many people cannot deal with negative questions. There will be a few negative questions within the real exam; just like this one, the keyword NOT or FALSE will be in uppercase to clearly indicate that the question is negative.
Biometrics verifies an individual's identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of performing authentication (one-to-one matching) or identification (one-to-many matching).
A biometric system scans an attribute or behavior of a person and compares it to a template stored in an authentication server database; the template is created during an earlier enrollment process. Because the system inspects the grooves of a person's fingerprint, the pattern of someone's retina, or the pitches of someone's voice, it has to be extremely sensitive.
The system must perform accurate and repeatable measurements of anatomical or physiological characteristics. This degree of sensitivity can easily cause false positives or false negatives, so the system must be calibrated so that both occur infrequently and the results are as accurate as possible.
There are two types of failures in biometric identification:
  - False Rejection, measured as the False Rejection Rate (FRR): the system fails to recognize a legitimate user. While it could be argued that this has the effect of keeping the protected area extra secure, it is an intolerable frustration to legitimate users who are refused access because the scanner does not recognize them.
  - False Acceptance, measured as the False Acceptance Rate (FAR): an erroneous recognition, either by confusing one user with another or by accepting an impostor as a legitimate user.
Physiological examples (unique physical attributes):
  - Fingerprint (most commonly accepted)
  - Hand geometry
  - Retina scan (most accurate but most intrusive)
  - Iris scan
  - Vascular scan
Behavioral examples (repeated actions):
  - Keystroke dynamics (dwell time, the time a key is held down, and flight time, the time between "key up" and the next "key down")
  - Signature dynamics (stroke and pressure points)
EXAM TIP:
Retina scan devices are the most accurate but also the most invasive biometric system available today. The continuity of the retinal pattern throughout life and the difficulty of fooling such a device also make it a great long-term, high-security option. Unfortunately, the cost of the proprietary hardware, as well as the stigma of users thinking it is potentially harmful to the eye, makes retinal scanning a bad fit for most situations.
Remember for the exam that fingerprints are the most commonly accepted type of biometric system.
The other answers are incorrect:
'User can be authenticated based on behavior.' is incorrect because this choice is TRUE as it pertains to biometrics. Biometric systems make use of unique physical characteristics or behavior of users.
'User can be authenticated based on unique physical attributes.' is also incorrect because this choice is also TRUE as it pertains to biometrics. Biometric systems make use of unique physical characteristics or behavior of users.
'A biometric system's accuracy is determined by its crossover error rate (CER)' is also incorrect because this is TRUE as it pertains to biometrics. The CER is the point at which the false rejection rate and the false acceptance rate are equal. The smaller the value of the CER, the more accurate the system.
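The FAR, FRR and CER definitions above, worked through in code as an added example (not from the exam guide or any vendor): the match scores are constructed, and the convention that a higher score means a closer match and a sample is accepted when its score is at or above the threshold is an assumption.

```python
"""CER from constructed biometric match scores (added example, not from the
exam guide). Higher score = closer match; accept when score >= threshold."""

# Constructed scores: genuine = enrolled user vs. their own sample,
# impostor = enrolled user vs. a different person's sample.
GENUINE_SCORES = [0.95, 0.91, 0.88, 0.85, 0.82, 0.78, 0.74, 0.70, 0.65, 0.60]
IMPOSTOR_SCORES = [0.10, 0.20, 0.30, 0.40, 0.50, 0.60, 0.65, 0.70, 0.75, 0.80]


def far(impostor_scores, threshold):
    """False Acceptance Rate: fraction of impostor attempts accepted."""
    return sum(1 for s in impostor_scores if s >= threshold) / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False Rejection Rate: fraction of legitimate attempts rejected."""
    return sum(1 for s in genuine_scores if s < threshold) / len(genuine_scores)


def crossover_error_rate(genuine_scores, impostor_scores):
    """Return (threshold, CER) at the point where FAR and FRR are closest.

    Raising the threshold lowers FAR and raises FRR, so the curves cross once;
    the error rate at that crossing is the CER (lower CER = more accurate)."""
    candidates = sorted(set(genuine_scores) | set(impostor_scores))
    best = None  # (gap, threshold, rate)
    for t in candidates:
        a, r = far(impostor_scores, t), frr(genuine_scores, t)
        gap = abs(a - r)
        if best is None or gap < best[0]:
            best = (gap, t, (a + r) / 2)
    return best[1], best[2]


def threshold_for_max_far(genuine_scores, impostor_scores, max_far):
    """Lowest threshold with FAR <= max_far, and the FRR that setting costs.
    This is the high-security trade-off from the exam tip: driving false
    acceptances to zero pushes up rejections of legitimate users."""
    for t in sorted(set(genuine_scores) | set(impostor_scores)):
        if far(impostor_scores, t) <= max_far:
            return t, frr(genuine_scores, t)
    return None, 1.0


if __name__ == "__main__":
    print("CER (threshold, rate):", crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
    print("Zero-FAR setting:", threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, 0.0))
```

With these constructed scores the curves cross at threshold 0.70 with a CER of 0.25, while forcing FAR to zero costs an FRR of 0.5, i.e. half of all legitimate attempts are rejected.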


Reference:

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 25353-25356). Auerbach Publications. Kindle Edition.
and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 25297-25303). Auerbach Publications. Kindle Edition.



Which of the following biometric devices offers the LOWEST CER?

  A. Keystroke dynamics
  B. Voice verification
  C. Iris scan
  D. Fingerprint

Answer(s): C

Explanation:

From most effective (lowest CER) to least effective (highest CER), the order is: iris scan, fingerprint, voice verification, keystroke dynamics.

Reference:

Shon Harris, AIO v3, Chapter 4: Access Control, page 131.
Also see: http://www.sans.org/reading_room/whitepapers/authentication/biometric-selection-body-parts-online_139



Which of the following is the LEAST user accepted biometric device?

  A. Fingerprint
  B. Iris scan
  C. Retina scan
  D. Voice verification

Answer(s): C

Explanation:

The least user-accepted biometric device is the retina scan, in which the system scans the blood-vessel pattern on the back of the eyeball. When using this device, an individual has to place their eye up to the device, and it may require a puff of air to be blown into the eye. An iris scan, by contrast, only requires the individual to glance at a camera, which could be placed above a door.


Reference:

HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (page 131).



Which of the following is the WEAKEST authentication mechanism?

  A. Passphrases
  B. Passwords
  C. One-time passwords
  D. Token devices

Answer(s): B

Explanation:

Most of the time, users choose passwords that can be guessed; hence passwords is the BEST answer out of the choices listed above.
The other answers are incorrect because:
Passphrases is incorrect, as a passphrase is more secure than a password because it is longer.
One-time passwords is incorrect because, as the name states, a one-time password is good for only one use and cannot be reused.
Token devices is incorrect because a token device is also a password generator and is a one-time password mechanism.


Reference:

Shon Harris, AIO v3, Chapter 4: Access Control, pages 139 and 142.



Share your comments for ISC SSCP exam with other users:

Muhammad Rawish Siddiqui
12/9/2023 7:40:00 AM

question # 267: federated operating model is also correct.

Mayar
9/22/2023 4:58:00 AM

It's helpful a lot.

Sandeep
7/25/2022 11:58:00 PM

The questions from these braindumps are the same as in the real exam. My passing mark was 84%.

Eman Sawalha
6/10/2023 6:09:00 AM

It is an exam that measures your understanding of cloud computing resources provided by AWS. These resources are aligned under 6 categories: storage, compute, database, infrastructure, pricing and network, with all of the services and types of services under each category.

Mars
11/16/2023 1:53:00 AM

good and very useful

ronaldo7
10/24/2023 5:34:00 AM

I cleared the AZ-104 exam by scoring 930/1000 on the exam. It was all possible due to this platform as it provides premium quality service. Thank you!

Palash Ghosh
9/11/2023 8:30:00 AM

easy questions

Noor
10/2/2023 7:48:00 AM

Could you please upload AD0-127 dumps?

Kotesh
7/27/2023 2:30:00 AM

good content

Biswa
11/20/2023 9:07:00 AM

understanding about joins

Jimmy Lopez
8/25/2023 10:19:00 AM

Please upload Oracle Cloud Infrastructure 2023 Foundations Associate exam braindumps. Thank you.

Lily
4/24/2023 10:50:00 PM

Questions made studying easy and enjoyable; passed on the first try!

John
8/7/2023 12:12:00 AM

Has anyone recently attended the SAFe 6.0 exam? Did you see any questions from here?

Big Dog
6/24/2023 4:47:00 PM

Question 13 should be DHCP option 43, right?

B.Khan
4/19/2022 9:43:00 PM

The buy 1 get 1 is a great deal. So far I have only gone over the exam. It looks promising. I'll report back once I write my exam.

Ganesh
12/24/2023 11:56:00 PM

Is this dump good?

Albin
10/13/2023 12:37:00 AM

good

Passed
1/16/2022 9:40:00 AM

passed

Harsh
6/12/2023 1:43:00 PM

yes going good

Salesforce consultant
1/2/2024 1:32:00 PM

good questions for practice

Ridima
9/12/2023 4:18:00 AM

Need dump and SAP notes for C_S4CPR_2308 - SAP Certified Application Associate - SAP S/4HANA Cloud, public edition - Sourcing and Procurement.

Tanvi Rajput
10/6/2023 6:50:00 AM

Question 11: D. I personally feel some answers are wrong.

Anil
7/18/2023 9:38:00 AM

nice questions

Chris
8/26/2023 1:10:00 AM

Looking for C1000-158: IBM Cloud Technical Advocate v4 questions.

sachin
6/27/2023 1:22:00 PM

Can you share the PDF?

Blessious Phiri
8/13/2023 10:26:00 AM

Admin II is real technical stuff.

Luis Manuel
7/13/2023 9:30:00 PM

Could you post the link?

vijendra
8/18/2023 7:54:00 AM

Hello, send me dumps.

Simeneh
7/9/2023 8:46:00 AM

it is very nice

john
11/16/2023 5:13:00 PM

I gave the Amazon DVA-C02 test today and passed. Very helpful.

Tao
11/20/2023 8:53:00 AM

There is an incorrect word in the problem statement. For example, in question 1, there is the word "speci c". This is "specific". In another question, there is the word "noti cation". This is "notification". These mistakes make this site difficult for me to use.

patricks
10/24/2023 6:02:00 AM

Passed my AZ-120 certification exam today with 90% marks. Studied using the dumps; highly recommended to all.

Ananya
9/14/2023 5:17:00 AM

I need it, plz make it available.

JM
12/19/2023 2:41:00 PM

Q47: Intrusion prevention system is the correct answer, not patch management. By definition, there are no patches available for a zero-day vulnerability. The way to prevent an attacker from exploiting a zero-day vulnerability is to use an IPS.
