CISSP Exam Question 326
Which of the following statements BEST distinguishes a stateful packet inspection firewall from a stateless packet filter firewall?
Correct Answer: B
A stateful packet inspection (SPI) firewall is a type of firewall that keeps track of the state of network connections, such as TCP sessions or UDP datagrams, and inspects the traffic in the context of a session. This means that the SPI firewall can analyze packets not only based on the header information, such as source and destination IP addresses, ports, and protocols, but also based on the content and sequence of the packets, such as flags, sequence numbers, and payloads. This allows the SPI firewall to detect and prevent more sophisticated attacks, such as fragmentation attacks, spoofing attacks, and application layer attacks, that a stateless packet filter firewall cannot. A stateless packet filter firewall is a type of firewall that inspects the traffic on a packet-by-packet basis, and only based on the header information. It does not keep track of the state of network connections, and does not examine the content or sequence of the packets. It is faster and simpler than a stateful packet inspection firewall, but also less secure and more vulnerable to attacks.
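The difference described above can be made concrete with a small simulation. The following is an added example, not code from the exam guide: a header-only filter and a connection-tracking filter are run over the same constructed packet trace (the addresses, ports and the "inside hosts may open TCP connections outward, nothing else" policy are all assumptions for illustration). The stateless rule set has to approximate "established" by looking at the ACK flag, so an unsolicited inbound ACK-flagged packet passes it; the stateful filter drops that same packet because no tracked session matches.

```python
"""Stateless packet filter vs. stateful packet inspection over a constructed trace.

Added example, not from the exam guide. The addresses, ports and the policy
("inside hosts may open TCP connections outward; nothing else") are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags as letters, e.g. "S", "SA", "A", "PA"


def is_inside(ip: str) -> bool:
    # Constructed convention: the protected network is 10.0.0.0/8.
    return ip.startswith("10.")


def stateless_decide(pkt: Packet) -> str:
    """Header-only rules with no memory of earlier packets.

    Rule 1: allow anything leaving the inside network.
    Rule 2: allow inbound packets that carry ACK, the classic way a stateless
            filter approximates "part of an established connection".
    """
    if is_inside(pkt.src) and not is_inside(pkt.dst):
        return "allow"
    if not is_inside(pkt.src) and is_inside(pkt.dst) and "A" in pkt.flags:
        return "allow"
    return "deny"


class StatefulFilter:
    """Tracks each outbound TCP connection through SYN -> SYN/ACK -> ACK."""

    def __init__(self) -> None:
        # (inside_ip, inside_port, outside_ip, outside_port) -> connection state
        self.table = {}

    def decide(self, pkt: Packet) -> str:
        if is_inside(pkt.src) and not is_inside(pkt.dst):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            state = self.table.get(key)
            if state is None and pkt.flags == "S":
                self.table[key] = "SYN_SENT"      # new outbound connection, permitted by policy
                return "allow"
            if state == "SYN_RECEIVED" and pkt.flags == "A":
                self.table[key] = "ESTABLISHED"   # three-way handshake completed
                return "allow"
            if state == "ESTABLISHED" and "S" not in pkt.flags:
                return "allow"
            return "deny"
        if not is_inside(pkt.src) and is_inside(pkt.dst):
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            state = self.table.get(key)
            if state == "SYN_SENT" and pkt.flags == "SA":
                self.table[key] = "SYN_RECEIVED"
                return "allow"
            if state == "ESTABLISHED" and "S" not in pkt.flags:
                return "allow"
            return "deny"  # no matching session: dropped even though ACK may be set
        return "deny"


def run_trace(packets):
    """Return one (stateless verdict, stateful verdict) pair per packet."""
    sf = StatefulFilter()
    return [(stateless_decide(p), sf.decide(p)) for p in packets]


# Constructed trace: a legitimate outbound HTTPS connection, followed by an
# inbound ACK-flagged packet aimed at a host that never opened a connection.
TRACE = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "S"),   # client SYN
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, "SA"),  # server SYN/ACK
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "A"),   # client ACK
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, "PA"),  # server data
    Packet("198.51.100.7", 6000, "10.0.0.9", 22, "A"),     # unsolicited inbound ACK
]

if __name__ == "__main__":
    for pkt, (sl, st) in zip(TRACE, run_trace(TRACE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} [{pkt.flags}]"
              f"  stateless={sl}  stateful={st}")
```

The first four packets are allowed by both filters; only the stateful one denies the fifth, which is exactly the spoofing case the explanation refers to. Real stateful firewalls also check sequence numbers and time out idle entries, which this simulation omits.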
References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 6, page 457; 100 CISSP Questions, Answers and Explanations, Question 12.
CISSP Exam Question 327
Which of the following was designed to support multiple network types over the same serial link?
Correct Answer: C
Explanation/Reference:
Explanation:
Point-to-Point Protocol (PPP) is a full-duplex protocol used for the transmission of TCP/IP packets over various non-LAN connections, such as modems, ISDN, VPNs, Frame Relay, and so on. PPP permits multiple network layer protocols to operate on the same communication link.
Incorrect Answers:
A: Ethernet is a link layer protocol in the TCP/IP stack, but Ethernet is not used for serial links.
B: SLIP is a predecessor of PPP which does not support multiple network types over a single link.
D: PPTP is a tunneling protocol which uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets. PPTP tunnels do not handle network types.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 683
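The multiplexing that makes PPP the right answer is done by the 16-bit Protocol field in every PPP frame. The following added example, which is not from the exam guide, builds and demultiplexes PPP frames using RFC 1662 HDLC-like framing (flag 0x7E, address 0xFF, control 0x03, 16-bit FCS, byte stuffing with 0x7D) and the protocol numbers assigned in RFC 1661 and the IANA PPP registry. The payloads are constructed placeholders, not real IP packets.

```python
"""Demultiplexing PPP frames by their Protocol field.

Added example, not from the exam guide. Framing follows RFC 1662 (HDLC-like:
flag 0x7E, address 0xFF, control 0x03, 16-bit FCS, byte stuffing with 0x7D);
the payloads used in SAMPLE_STREAM are constructed placeholders.
"""

FLAG, ESC, ADDRESS, CONTROL = 0x7E, 0x7D, 0xFF, 0x03
FCS_INIT, FCS_GOOD = 0xFFFF, 0xF0B8  # RFC 1662 initial FCS value and "good" residue

# Protocol field values from RFC 1661 / the IANA PPP numbers registry.
PROTOCOLS = {
    0x0021: "IPv4",
    0x0057: "IPv6",
    0x002B: "IPX",
    0x8021: "IPCP",
    0x8057: "IPV6CP",
    0xC021: "LCP",
    0xC023: "PAP",
    0xC223: "CHAP",
}


def _fcs_table():
    # Reflected CRC-16 table for polynomial 0x8408, as in RFC 1662 appendix C.
    table = []
    for b in range(256):
        v = b
        for _ in range(8):
            v = (v >> 1) ^ 0x8408 if v & 1 else v >> 1
        table.append(v)
    return table


_TABLE = _fcs_table()


def fcs16(data: bytes, fcs: int = FCS_INIT) -> int:
    """RFC 1662 FCS-16 (CRC-16/X-25) over data."""
    for b in data:
        fcs = (fcs >> 8) ^ _TABLE[(fcs ^ b) & 0xFF]
    return fcs


def stuff(data: bytes) -> bytes:
    """Escape the flag, the escape byte itself and (default ACCM) control characters."""
    out = bytearray()
    for b in data:
        if b in (FLAG, ESC) or b < 0x20:
            out += bytes([ESC, b ^ 0x20])
        else:
            out.append(b)
    return bytes(out)


def unstuff(data: bytes) -> bytes:
    out = bytearray()
    it = iter(data)
    for b in it:
        if b == ESC:
            nxt = next(it, None)
            if nxt is None:
                raise ValueError("dangling escape byte")
            out.append(nxt ^ 0x20)
        else:
            out.append(b)
    return bytes(out)


def build_frame(protocol: int, payload: bytes) -> bytes:
    body = bytes([ADDRESS, CONTROL]) + protocol.to_bytes(2, "big") + payload
    fcs = fcs16(body) ^ 0xFFFF
    body += bytes([fcs & 0xFF, fcs >> 8])  # FCS is transmitted least-significant byte first
    return bytes([FLAG]) + stuff(body) + bytes([FLAG])


def parse_frame(raw: bytes):
    """Unstuff and validate the bytes between two flags; return (protocol name, payload)."""
    body = unstuff(raw)
    if len(body) < 6:
        raise ValueError("frame too short")
    if fcs16(body) != FCS_GOOD:  # running the FCS over data + FCS must give the residue
        raise ValueError("bad FCS")
    if body[0] != ADDRESS or body[1] != CONTROL:
        raise ValueError("unexpected address/control field")
    proto = int.from_bytes(body[2:4], "big")
    return PROTOCOLS.get(proto, f"unknown(0x{proto:04x})"), body[4:-2]


def demultiplex(stream: bytes):
    """Split a stream on flag bytes and label each frame by the protocol it carries."""
    frames = []
    for chunk in stream.split(bytes([FLAG])):
        if chunk:  # back-to-back flags between frames produce empty chunks
            frames.append(parse_frame(chunk))
    return frames


# Constructed stream: IPv4 and IPv6 payloads sharing one link with an LCP message.
SAMPLE_STREAM = (
    build_frame(0x0021, b"IPv4 packet ~}")        # contains 0x7E/0x7D to exercise stuffing
    + build_frame(0x0057, b"IPv6 packet")
    + build_frame(0xC021, b"\x01\x01\x00\x04")    # LCP Configure-Request header, constructed
)

if __name__ == "__main__":
    for name, payload in demultiplex(SAMPLE_STREAM):
        print(f"{name:6s} {payload!r}")
```

Three network-layer and link-control protocols travel over the same serial link and are separated purely by the Protocol field, which is the property the question asks about; SLIP has no such field.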
CISSP Exam Question 328
Which of the following tools is less likely to be used by a hacker?
Correct Answer: B
Tripwire is an integrity checking product, triggering alarms when important files (e.g. system or configuration files) are modified. This is a tool that is not likely to be used by hackers, other than for studying its workings in order to circumvent it.
Other programs are password-cracking programs and are likely to be used by security administrators as well as by hackers. More info regarding Tripwire is available on the Tripwire, Inc. Web Site.
NOTE:
The biggest competitor to the commercial version of Tripwire is the freeware version of Tripwire.
You can get the Open Source version of Tripwire at the following URL: http://sourceforge.net/projects/tripwire/
CISSP Exam Question 329
An intranet provides more security and control than which of the following:
Correct Answer: C
Explanation/Reference:
Explanation:
A public posting on the internet is not secure. Compared to the internet, an intranet provides more control.
Incorrect Answers:
A: A private posting provides high security and control.
B: Ethernet is a link layer protocol in the TCP/IP stack. An Intranet is defined on the physical layer. The data link layer provides more control compared to the physical layer.
D: An extranet is a website that allows controlled access to partners, vendors and suppliers or an authorized set of customers, normally to a subset of the information accessible from an organization's intranet. As an extranet is a subset of an intranet, it provides more security and control.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 661
CISSP Exam Question 330
Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST accepted by users?
Correct Answer: D
Retina-based biometrics involve analyzing the layer of blood vessels situated at the back of the eye.
An established technology, this technique involves using a low-intensity light source through an optical coupler to scan the unique patterns of the retina. Retinal scanning can be quite accurate but does require the user to look into a receptacle and focus on a given point. This is not particularly convenient if you wear glasses or are concerned about having close contact with the reading device. For these reasons, retinal scanning is not warmly accepted by all users, even though the technology itself can work well.
For your exam you should know the information below:
Biometrics
Biometrics verifies an individual's identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of verifying identification and not well received by society. Biometrics is a very sophisticated technology; thus, it is much more expensive and complex than the other types of identity verification processes. A biometric system can make authentication decisions based on an individual's behavior, as in signature dynamics, but these can change over time and possibly be forged. Biometric systems that base authentication decisions on physical attributes (such as iris, retina, or fingerprint) provide more accuracy because physical attributes typically don't change, absent some disfiguring injury, and are harder to impersonate.
Biometrics is typically broken up into two different categories. The first is the physiological. These are traits that are physical attributes unique to a specific individual. Fingerprints are a common example of a physiological trait used in biometric systems. The second category of biometrics is known as behavioral. The behavioral authentication is also known as continuous authentication.
Behavioral/continuous authentication prevents session hijacking attacks. It is based on a characteristic of an individual to confirm his identity. An example is signature dynamics. Physiological is "what you are" and behavioral is "what you do."
When a biometric system rejects an authorized individual, it is called a Type I error (false rejection rate). When the system accepts impostors who should be rejected, it is called a Type II error (false acceptance rate). The goal is to obtain low numbers for each type of error, but Type II errors are the most dangerous and thus the most important to avoid. When comparing different biometric systems, many different variables are used, but one of the most important metrics is the crossover error rate (CER). This rating is stated as a percentage and represents the point at which the false rejection rate equals the false acceptance rate. This rating is the most important measurement when determining the system's accuracy. A biometric system that delivers a CER of 3 will be more accurate than a system that delivers a CER of 4. Crossover error rate (CER) is also called equal error rate (EER).
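The FRR, FAR and crossover error rate in the paragraph above are simple to compute once you have matching scores. The following added example, not from the exam guide, sweeps a decision threshold over two constructed sets of genuine and impostor scores (higher score means a closer match; a sample is accepted when its score reaches the threshold), finds the threshold where FRR equals FAR, and compares the two systems by their CER, as the explanation's "CER of 3 beats CER of 4" rule prescribes.

```python
"""False rejection, false acceptance and the crossover error rate (CER/EER).

Added example, not from the exam guide. Matching scores are constructed:
a higher score means the sample looks more like the enrolled template, and a
sample is accepted when its score reaches the decision threshold.
"""

# Constructed score samples: 20 genuine attempts and 20 impostor attempts per system.
GENUINE_A = [95, 92, 90, 88, 87, 85, 84, 82, 80, 79, 78, 76, 75, 74, 72, 70, 68, 65, 60, 55]
IMPOSTOR_A = [62, 58, 55, 52, 50, 48, 46, 45, 44, 42, 40, 38, 36, 35, 33, 30, 28, 25, 22, 20]
GENUINE_B = [95, 90, 88, 85, 82, 80, 78, 75, 72, 70, 66, 63, 60, 57, 54, 50, 47, 44, 40, 35]
IMPOSTOR_B = [70, 66, 62, 58, 55, 52, 50, 48, 45, 42, 40, 38, 35, 32, 30, 28, 25, 22, 20, 15]


def error_rates(genuine, impostor, threshold):
    """Return (FRR, FAR) at a threshold.

    FRR (Type I error): fraction of genuine users rejected, i.e. scoring below threshold.
    FAR (Type II error): fraction of impostors accepted, i.e. scoring at or above threshold.
    """
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return frr, far


def crossover_error_rate(genuine, impostor):
    """Sweep every observed score as a threshold and return (threshold, CER)
    at the point where FRR and FAR are closest (exactly equal for the samples above)."""
    best_t, best_gap, best_cer = None, None, None
    for t in sorted(set(genuine) | set(impostor)):
        frr, far = error_rates(genuine, impostor, t)
        gap = abs(frr - far)
        if best_gap is None or gap < best_gap:
            best_t, best_gap, best_cer = t, gap, (frr + far) / 2
    return best_t, best_cer


def more_accurate(systems):
    """Given {name: (genuine_scores, impostor_scores)}, return the name with the lowest CER."""
    return min(systems, key=lambda n: crossover_error_rate(*systems[n])[1])


if __name__ == "__main__":
    systems = {"A": (GENUINE_A, IMPOSTOR_A), "B": (GENUINE_B, IMPOSTOR_B)}
    for name, (g, i) in systems.items():
        t, cer = crossover_error_rate(g, i)
        print(f"system {name}: crossover at threshold {t}, CER {cer:.0%}")
    print("more accurate:", more_accurate(systems))
    # Raising the threshold trades FAR for FRR; a high-security door is tuned toward low FAR
    # even though more legitimate users are turned away.
    print("system A at threshold 70 (FRR, FAR):", error_rates(GENUINE_A, IMPOSTOR_A, 70))
```

System A crosses over at 5% and system B at 25%, so A is the more accurate system; the last line shows why a deployment can still choose a threshold above the crossover when false acceptances matter more than false rejections.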
Throughput describes the process of authenticating to a biometric system. This is also referred to as the biometric system response time. The primary consideration that should be put into the purchasing and implementation of biometric access control are user acceptance, accuracy and processing speed.
Biometric Considerations
In addition to the access control elements of a biometric system, there are several other considerations that are important to the integrity of the control environment. These are:
Resistance to counterfeiting
Data storage requirements
User acceptance
Reliability
Target user and approach
Fingerprint
Fingerprints are made up of ridge endings and bifurcations exhibited by friction ridges and other detailed characteristics called minutiae. It is the distinctiveness of these minutiae that gives each individual a unique fingerprint. An individual places his finger on a device that reads the details of the fingerprint and compares this to a reference file. If the two match, the individual's identity has been verified.
Palm Scan
The palm holds a wealth of information and has many aspects that are used to identify an individual. The palm has creases, ridges, and grooves throughout that are unique to a specific person. The palm scan also includes the fingerprints of each finger. An individual places his hand on the biometric device, which scans and captures this information. This information is compared to a reference file, and the identity is either verified or rejected.
Hand Geometry
The shape of a person's hand (the shape, length, and width of the hand and fingers) defines hand geometry. This trait differs significantly between people and is used in some biometric systems to verify identity. A person places her hand on a device that has grooves for each finger. The system compares the geometry of each finger, and the hand as a whole, to the information in a reference file to verify that person's identity.
Retina Scan
A system that reads a person's retina scans the blood-vessel pattern of the retina on the backside of the eyeball. This pattern has shown to be extremely unique between different people. A camera is used to project a beam inside the eye and capture the pattern and compare it to a reference file recorded previously.
Iris Scan
An iris scan is a passive biometric control. The iris is the colored portion of the eye that surrounds the pupil. The iris has unique patterns, rifts, colors, rings, coronas, and furrows. The uniqueness of each of these characteristics within the iris is captured by a camera and compared with the information gathered during the enrollment phase. When using an iris pattern biometric system, the optical unit must be positioned so the sun does not shine into the aperture; thus, when implemented, it must have proper placement within the facility.
Signature Dynamics
When a person signs a signature, usually they do so in the same manner and speed each time. Signing a signature produces electrical signals that can be captured by a biometric system. The physical motions performed when someone is signing a document create these electrical signals. The signals provide unique characteristics that can be used to distinguish one individual from another. Signature dynamics provides more information than a static signature, so there are more variables to verify when confirming an individual's identity and more assurance that this person is who he claims to be.
Keystroke Dynamics
Whereas signature dynamics is a method that captures the electrical signals when a person signs a name, keystroke dynamics captures electrical signals when a person types a certain phrase. As a person types a specified phrase, the biometric system captures the speed and motions of this action. Each individual has a certain style and speed, which translate into unique signals. This type of authentication is more effective than typing in a password, because a password is easily obtainable. It is much harder to repeat a person's typing style than it is to acquire a password.
Voice Print
People's speech sounds and patterns have many subtle distinguishing differences. A biometric system that is programmed to capture a voice print and compare it to the information held in a reference file can differentiate one individual from another. During the enrollment process, an individual is asked to say several different words.
Facial Scan
A system that scans a person's face takes many attributes and characteristics into account. People have different bone structures, nose ridges, eye widths, forehead sizes, and chin shapes. These are all captured during a facial scan and compared to an earlier captured scan held within a reference record. If the information is a match, the person is positively identified.
Hand Topography
Whereas hand geometry looks at the size and width of an individual's hand and fingers, hand topography looks at the different peaks and valleys of the hand, along with its overall shape and curvature. When an individual wants to be authenticated, she places her hand on the system. Off to one side of the system, a camera snaps a side-view picture of the hand from a different view and angle than that of systems that target hand geometry, and thus captures different data. This attribute is not unique enough to authenticate individuals by itself and is commonly used in conjunction with hand geometry.
Vascular Scan
Vascular scan uses the blood vessels under the first layer of skin.
The following answers are incorrect:
Fingerprint - Fingerprints are made up of ridge endings and bifurcations exhibited by friction ridges and other detailed characteristics called minutiae. It is the distinctiveness of these minutiae that gives each individual a unique fingerprint. An individual places his finger on a device that reads the details of the fingerprint and compares this to a reference file. If the two match, the individual's identity has been verified.
Hand Geometry - The shape of a person's hand (the shape, length, and width of the hand and fingers) defines hand geometry. This trait differs significantly between people and is used in some biometric systems to verify identity. A person places her hand on a device that has grooves for each finger. The system compares the geometry of each finger, and the hand as a whole, to the information in a reference file to verify that person's identity.
Palm Scan - The palm holds a wealth of information and has many aspects that are used to identify an individual. The palm has creases, ridges, and grooves throughout that are unique to a specific person. The palm scan also includes the fingerprints of each finger. An individual places his hand on the biometric device, which scans and captures this information. This information is compared to a reference file, and the identity is either verified or rejected.
The following references were used to create this question: CISA Review Manual 2014, pages 330 and 331; Official ISC2 Guide to the CISSP CBK, 3rd Edition, page 924.