What is the most critical characteristic of a biometric identifying system?
Correct Answer: C
Section: Access Control Explanation Explanation/Reference: Accuracy is the most critical characteristic of a biometric identifying verification system. Accuracy is measured in terms of false rejection rate (FRR, or type I errors) and false acceptance rate (FAR or type II errors). The Crossover Error Rate (CER) is the point at which the FRR equals the FAR and has become the most important measure of biometric system accuracy. Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 1, Biometric Identification (page 9).
Question 128
Pin, Password, Passphrases, Tokens, smart cards, and biometric devices are all items that can be used for Authentication. When one of these item listed above in conjunction with a second factor to validate authentication, it provides robust authentication of the individual by practicing which of the following?
Correct Answer: B
Explanation/Reference: Once an identity is established it must be authenticated. There exist numerous technologies and implementation of authentication methods however they almost all fall under three major areas. There are three fundamental types of authentication: Authentication by knowledge-something a person knows Authentication by possession-something a person has Authentication by characteristic-something a person is Logical controls related to these types are called "factors." Something you know can be a password or PIN, something you have can be a token fob or smart card, and something you are is usually some form of biometrics. Single-factor authentication is the employment of one of these factors, two-factor authentication is using two of the three factors, and three-factor authentication is the combination of all three factors. The general term for the use of more than one factor during authentication is multifactor authentication or strong authentication. Reference(s) used for this question: Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 2367-2379). Auerbach Publications. Kindle Edition.
Question 129
Communications devices must operate:
Correct Answer: B
Explanation/Reference: Communications devices must operate at the same speed to communicate. Source: KRUTZ, Ronald L & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 100.
Question 130
Which of the following NAT firewall translation modes offers no protection from hacking attacks to an internal host using this functionality?
Correct Answer: D
Explanation/Reference: Static translation (also called port forwarding), assigns a fixed address to a specific internal network resource (usually a server). Static NAT is required to make internal hosts available for connection from external hosts. It merely replaces port information on a one-to-one basis. This affords no protection to statistically translated hosts: hacking attacks will be just as efficiently translated as any other valid connection attempt. NOTE FROM CLEMENT: Hiding Nat or Overloaded Nat is when you have a group of users behind a unique public IP address. This will provide you with some security through obscurity where an attacker scanning your network would see the unique IP address on the outside of the gateway but could not tell if there is one user, ten users, or hundreds of users behind that IP. NAT was NEVER built as a security mechanism. In the case of Static NAT used for some of your servers for example, your web server private IP is map to a valid external public IP on a one on one basis, your SMTP server private IP is mapped to a static public IP, and so on. If an attacker scan the IP address range on the external side of the gateway he would discover every single one of your servers or any other hosts using static natting. Ports that are open, services that are listening, and all of this info could be gathered just as if the server was in fact using a public IP. It does not provide this security through obscurity mentioned above. All of the other answer are incorrect. Reference used for this question: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 7: Network Address Translation.
Question 131
Preservation of confidentiality within information systems requires that the information is not disclosed to:
Correct Answer: B
Explanation/Reference: Confidentiality assures that the information is not disclosed to unauthorized persons or processes. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 31.