Which of the following statements pertaining to biometrics is false?
Correct Answer: D
Authentication is based on three factor types: type 1 is something you know, type 2 is something you have and type 3 is something you are. Biometrics are based on the Type 3 authentication mechanism. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 37).
CISSP Exam Question 372
Out of the steps listed below, which one is not one of the steps conducted during the Business Impact Analysis (BIA)?
Correct Answer: A
Selecting and Alternate Site would not be done within the initial BIA. It would be done at a later stage of the BCP and DRP recovery effort. All of the other choices were steps that would be conducted during the BIA. See below the list of steps that would be done during the BIA. A BIA (business impact analysis ) is considered a functional analysis, in which a team collects data through interviews and documentary sources; documents business functions, activities, and transactions ; develops a hierarchy of business functions; and finally applies a classification scheme to indicate each individual function's criticality level. BIA Steps 1.Select individuals to interview for data gathering. 2.Create data-gathering techniques (surveys, questionnaires, qualitative and quantitative approaches). 3.Identify the company's critical business functions. 4.Identify the resources these functions depend upon. 5.Calculate how long these functions can survive without these resources. 6.Identify vulnerabilities and threats to these functions. 7.Calculate the risk for each different business function. 8.Document findings and report them to management. Reference(s) used for this question: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 905-909). McGraw-Hill. Kindle Edition.
CISSP Exam Question 373
In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of
Correct Answer: D
Section: Software Development Security
CISSP Exam Question 374
In addition to accuracy, a biometric system has additional factors that determine its effectiveness. Which one of the following listed items is NOT one of these additional factors?
Correct Answer: A
A corpus is a biometric term that refers to collected biometric images. The corpus is stored in a database of images. Potential sources of error are the corruption of images during collection and mislabeling or other transcription problems associated with the database. Therefore, the image collection, process and storage must be performed carefully with constant checking. These images are collected during the enrollment process and thus, are critical to the correct operation of the biometric device. In enrollment, images are collected and features are extracted, but no comparison occurs. The information is stored for use in future comparison steps. Answer a, the throughput rate, refers to the rate at which individuals, once enrolled, can be processed by a biometric system. If an individual is being authenticated, the biometric system will take a sample of the individual's characteristic to be evaluated and compare it to a template. A metric called distance is used to determine if the sample matches the template. Distance is the difference between the quantitative measure of the sample and the template. If the distance falls within a threshold value, a match is declared. If not, there is no match. * Answer "acceptability" is determined by privacy issues, invasiveness, and psychological and physical comfort when using the biometric system. *"Enrollment time" is the time it takes to initially register with a system by providing samples of the biometric characteristic to be evaluated.
CISSP Exam Question 375
The Clark-Wilson Integrity Model (d. Clark, d. Wilson, A Comparison of Commercial and Military Computer Security Policies, Proceedings of the 1987 IEEE Computer Society Symposium on Research in Security and Privacy, Los Alamitos, CA, IEEE Computer Society Press, 1987) focuses on what two concepts?
Correct Answer: C
The Clark-Wilson Model is a model focused on the needs of the commercial world and is based on the theory that integrity is more important than confidentiality for commercial organizations. Further, the model incorporates the commercial concepts of separation of duty and wellformed transactions. The well-formed transaction of the model is implemented by the transformation procedure (TP.)ATP is defined in the model as the mechanism for transforming the set of constrained data items (CDIs) from one valid state of integrity to another valid state of integrity. The Clark-Wilson Model defines rules for separation of duty that denote the relations between a user, TPs, and the CDIs that can be operated upon by those TPs. The model talks about the access triple that is the user, the program that is permitted to operate on the data, and the data. The other answers are distracters.
