CISSP /58 CISSP Practice Exam Questions and Answers For Study 1 / 58 In the following choices there is one that is a typical biometric characteristics that is not used to uniquely authenticate an individual's identity? Iris scans Palm scans Retina scans Skin scans 2 / 58 All of the following are basic components of a security policy EXCEPT the statement of roles and responsibilities statement of performance of characteristics and requirements. definition of the issue and statement of relevant terms. statement of applicability and compliance requirements. 3 / 58 5. Which of the following terms describes the point where the False Acceptance Rate (FAR) equals the False Rejection Rate (FRR)? Biometric Error Rate (BER) Cross Error Rate (CER) Crossover Error Rate (CER) Failure to Enroll (FTE) 4 / 58 18. Which biometric system analyzes the distinctive patterns of blood vessels in the retina for identification? Hand geometry Iris recognition Facial recognition Retina scanning 5 / 58 Almost all types of detection permit a system's sensitivity to be increased or decreasedduring an inspection process. To have a valid measure of the system performance: The CER is used the FRR is used none of the above choices is correct the FAR is used 6 / 58 Which of the following would be the first step in establishing an information securityprogram? Adoption of a corporate information security policy statement Purchase of security access control software Development of a security awareness-training program Development and implementation of an information security standards manual 7 / 58 When developing an information security policy, what is the FIRST step that should be taken? Obtain copies of mandatory regulations. Ensure policy is compliant with current working practices. Gain management approval. Seek acceptance from other departments. 8 / 58 Which of the following is being considered as the most reliable kind of personal identification? Token Password Ticket Granting Finger print 9 / 58 Which of the following are the valid categories of hand geometry scanning? Logical and image-edge detection Electrical and image-edge detection Mechanical and image-ridge detection. Mechanical and image-edge detection 10 / 58 In addition to the accuracy of the biometric systems, there are other factors that must alsobe considered: These factors include the enrollment time, the throughput rate, and acceptability These factors do not include the enrollment time, the throughput rate, and acceptability These factors include the enrollment time and the throughput rate, but not acceptability These factors include the enrollment time, but not the throughput rate, neither the acceptability. 11 / 58 What is the function of a corporate information security policy? Define the main security objectives which must be achieved and the security framework to meet business objectives. Issue corporate standard to be used when addressing specific security problems. Define the specific assets to be protected and identify the specific tasks which must be completed to secure them Issue guidelines in selecting equipment, configuration, design, and secure operations. 12 / 58 Which one of the following is NOT a fundamental component of a Regulatory Security Policy? What is to be done. Who is to do it. When it is to be done. Why is it to be done 13 / 58 22. Which of the following is an example of behavioral biometrics? Facial recognition Voice recognition Gait recognition Iris scanning 14 / 58 You are comparing biometric systems. Security is the top priority. A low is mostimportant in this regard. ERR MTBF FAR FRR 15 / 58 Which of the following are the types of eye scan in use today? Reflective scans and iris scans Retinal scans and body scans. Retinal scans and reflective scans Retinal scans and iris scans 16 / 58 1. What is the primary advantage of using biometric systems for authentication? Cost-effectiveness Fast deployment Unique identification Ease of use 17 / 58 12. Which of the following is considered a physiological biometric identifier? Retina scanning Voice recognition Keystroke dynamics Gait recognition 18 / 58 In which one of the following documents is the assignment of individual roles andresponsibilities MOST appropriately defined? Security policy Acceptable use policy Program manual Enforcement guidelines 19 / 58 21. Which biometric method uses the geometry of the hand for identification? Hand geometry Retina scanning Fingerprint recognition Palm vein scanning 20 / 58 Which one of the following statements describes management controls that are instituted toimplement a security policy? They are generally inexpensive to implement. They prevent users from accessing any control function. They eliminate the need for most auditing functions. They may be administrative, procedural, or technical. 21 / 58 What is called the percentage of invalid subjects that are falsely accepted? False Rejection Rate (FRR) or Type I Error False Acceptance Rate (FAR) or Type II Error True Acceptance Rate (TAR) or Type III error Crossover Error Rate (CER) 22 / 58 Which of the following eye scan methods is considered to be more intrusive? Iris scans Body scans Reflective scans Retinal scans 23 / 58 7. Which biometric method is least invasive and often used for user convenience in mobile devices? Iris recognition Retina scanning Fingerprint scanning Facial recognition 24 / 58 Which one of the following should NOT be contained within a computer policy? Statement of senior executive support. Definition of legal and regulatory controls. Definition of management expectations. Responsibilities of individuals and groups for protected information. 25 / 58 4. Which biometric system is based on the measurement of blood vessels in the hand? Palm vein scanning Hand geometry Fingerprint scanning Iris recognition 26 / 58 Which of the following methods is more microscopic and will analyze the direction of the ridges of the fingerprints for matching? Minutia matching None of the choices Flow direct Ridge matching 27 / 58 17. Which of the following biometric methods is based on behavioral characteristics? Gait recognition Retina scanning Palm vein scanning Fingerprint recognition 28 / 58 In biometric identification systems, at the beginning, it was soon apparent that truly positiveidentification could only be based on physical attributes of a person. This raised thenecessicity of answering 2 questions: what part of the body to be used and how to accomplish identification to be viable what was the age of a person and his income level what was the sex of a person and his age what was the tone of the voice of a person and his habits 29 / 58 Ensuring the integrity of business information is the PRIMARY concern of Encryption Security Procedural Security. On-line Security Logical Security 30 / 58 15. Which type of biometric system captures the unique characteristics of the voice for authentication? Gait recognition Facial recognition Voice recognition Signature dynamics 31 / 58 19. What is a significant security risk associated with biometric systems? The data can be easily reset like passwords Biometric systems are immune to spoofing Physical characteristics can change over time Biometric data is hard to replace once compromised 32 / 58 25. Which factor is least likely to affect the performance of a fingerprint recognition system? The user's age Dirt on the scanner High temperatures Moisture on the user's finger 33 / 58 14. Which of the following biometric methods has the highest accuracy? Fingerprint recognition Voice recognition Hand geometry Iris recognition 34 / 58 What is "Failure to Enroll (FTE)" in biometric systems? A system's inability to correctly recognize a legitimate user A system's inability to reject an unauthorized user The system fails to properly record a user’s biometric data during enrollment A user's failure to provide the correct input at authentication 35 / 58 3. What does the term "false acceptance rate (FAR)" refer to in a biometric system? The speed at which the system processes biometric data The percentage of unauthorized users incorrectly allowed access The percentage of authorized users incorrectly denied access The number of retries allowed in case of failure 36 / 58 Which of the following biometrics devices has the highs Crossover Error Rate (CER)? Voice pattern Iris scan Hang Geometry Fingerprints 37 / 58 2. Which of the following is NOT a type of biometric access control? Passwords Fingerprint scanning Retina scanning Iris recognition 38 / 58 23. What is the typical use case for biometric systems in multi-factor authentication (MFA)? Something you know Something you have Something you are All of the above 39 / 58 9. Which metric measures the likelihood that a biometric system incorrectly rejects a legitimate user? False Rejection Rate (FRR) False Acceptance Rate (FAR) Equal Error Rate (EER) Cross Error Rate (CER) 40 / 58 Which of the following choices is NOT part of a security policy? description of specific technologies used in the field of information security statement of management intend, supporting the goals and principles of information security definition of overall steps of information security and the importance of security definition of general and specific responsibilities for information security management 41 / 58 A security policy would include all of the following EXCEPT Background Enforcement Audit requirements Scope statement 42 / 58 What is the most critical characteristic of a biometric identifying system? Reliability Storage requirements Accuracy Perceived intrusiveness 43 / 58 Which must bear the primary responsibility for determining the level of protection needed forinformation systems resources? Seniors security analysts system auditors IS security specialists Senior Management 44 / 58 24. Which of the following reduces the risk of biometric spoofing? Biometric database replication Multi-factor authentication (MFA) Higher FRR Lower FAR 45 / 58 Why must senior management endorse a security policy? So that they can be held legally accountable. So that they will accept ownership for security within the organization. So that employees will follow the policy directives. So that external bodies will recognize the organizations commitment to security. 46 / 58 By requiring the user to use more than one finger to authenticate, you can: Provide statistical improvements in FRR. Provide statistical improvements in ERR Provide statistical improvements in MTBF Provide statistical improvements in EAR. 47 / 58 6. What is a primary disadvantage of biometric systems? Users often forget how to use them They are too secure They are very slow to process They can be expensive to implement 48 / 58 10. Biometric systems provide which of the following advantages over traditional access methods like passwords? They are immune to hacking Biometric data is easier to replicate They are more cost-effective They eliminate the need to remember a password 49 / 58 16. What is the main challenge of using facial recognition systems in poorly lit environments? Inability to process data High FAR rate High FRR rate Inaccurate biometric template generation 50 / 58 Which of the following defines the intent of a system security policy? A brief, high-level statement defining what is and is not permitted during the operation of the system. A definition of those items that must be excluded on the system. A listing of tools and applications that will be used to protect the system. A definition of the particular settings that have been determined to provide optimum security. 51 / 58 Which of the following biometric parameters are better suited for authentication use over along period of time? Iris pattern Retina pattern Voice pattern Signature dynamics 52 / 58 8. What type of biometric system uses the measurement of the unique patterns in the colored ring around the pupil? Hand geometry Fingerprint scanning Retina scanning Iris recognition 53 / 58 Which of the following department managers would be best suited to oversee thedevelopment of an information security policy? Business operations Information Systems Security administration Human Resources 54 / 58 Which one of the following is an important characteristic of an information security policy? Requires the identification of information owners. Lists applications that support the business function. Identifies major functional areas of information. Quantifies the effect of the loss of the information. 55 / 58 The quality of finger prints is crucial to maintain the necessary: ERR and FAR FRR and FAR FRR FAR 56 / 58 Type II errors occur when which of the following biometric system rates is high? False accept rate False reject rate Crossover error rate Speed and throughput rate 57 / 58 20. Which of the following is considered the least secure biometric method due to environmental variables? Iris recognition Retina scanning Fingerprint recognition Voice recognition 58 / 58 13. In a biometric access system, what does a "template" refer to? The physical device used to scan biometric traits A record of an individual’s biometric data stored for comparison The pattern of data flow in the network A reference document used to design the system Your score is 0% Restart quiz