CISSP /58 CISSP Practice Exam Questions and Answers For Study 1 / 58 7. Which biometric method is least invasive and often used for user convenience in mobile devices? Retina scanning Facial recognition Iris recognition Fingerprint scanning 2 / 58 Type II errors occur when which of the following biometric system rates is high? Crossover error rate False accept rate False reject rate Speed and throughput rate 3 / 58 A security policy would include all of the following EXCEPT Enforcement Scope statement Audit requirements Background 4 / 58 Which of the following choices is NOT part of a security policy? definition of overall steps of information security and the importance of security definition of general and specific responsibilities for information security management statement of management intend, supporting the goals and principles of information security description of specific technologies used in the field of information security 5 / 58 5. Which of the following terms describes the point where the False Acceptance Rate (FAR) equals the False Rejection Rate (FRR)? Cross Error Rate (CER) Biometric Error Rate (BER) Crossover Error Rate (CER) Failure to Enroll (FTE) 6 / 58 Which of the following eye scan methods is considered to be more intrusive? Iris scans Retinal scans Reflective scans Body scans 7 / 58 Ensuring the integrity of business information is the PRIMARY concern of Procedural Security. Logical Security Encryption Security On-line Security 8 / 58 What is the most critical characteristic of a biometric identifying system? Storage requirements Perceived intrusiveness Reliability Accuracy 9 / 58 In biometric identification systems, at the beginning, it was soon apparent that truly positiveidentification could only be based on physical attributes of a person. This raised thenecessicity of answering 2 questions: what was the age of a person and his income level what was the tone of the voice of a person and his habits what part of the body to be used and how to accomplish identification to be viable what was the sex of a person and his age 10 / 58 Which of the following biometric parameters are better suited for authentication use over along period of time? Retina pattern Iris pattern Signature dynamics Voice pattern 11 / 58 Which one of the following should NOT be contained within a computer policy? Responsibilities of individuals and groups for protected information. Definition of management expectations. Statement of senior executive support. Definition of legal and regulatory controls. 12 / 58 By requiring the user to use more than one finger to authenticate, you can: Provide statistical improvements in EAR. Provide statistical improvements in ERR Provide statistical improvements in MTBF Provide statistical improvements in FRR. 13 / 58 18. Which biometric system analyzes the distinctive patterns of blood vessels in the retina for identification? Retina scanning Iris recognition Hand geometry Facial recognition 14 / 58 8. What type of biometric system uses the measurement of the unique patterns in the colored ring around the pupil? Retina scanning Iris recognition Fingerprint scanning Hand geometry 15 / 58 14. Which of the following biometric methods has the highest accuracy? Voice recognition Fingerprint recognition Hand geometry Iris recognition 16 / 58 10. Biometric systems provide which of the following advantages over traditional access methods like passwords? They are immune to hacking They are more cost-effective Biometric data is easier to replicate They eliminate the need to remember a password 17 / 58 Which one of the following statements describes management controls that are instituted toimplement a security policy? They may be administrative, procedural, or technical. They prevent users from accessing any control function. They are generally inexpensive to implement. They eliminate the need for most auditing functions. 18 / 58 Which of the following would be the first step in establishing an information securityprogram? Adoption of a corporate information security policy statement Purchase of security access control software Development and implementation of an information security standards manual Development of a security awareness-training program 19 / 58 13. In a biometric access system, what does a "template" refer to? The pattern of data flow in the network A record of an individual’s biometric data stored for comparison A reference document used to design the system The physical device used to scan biometric traits 20 / 58 Which must bear the primary responsibility for determining the level of protection needed forinformation systems resources? Seniors security analysts IS security specialists Senior Management system auditors 21 / 58 The quality of finger prints is crucial to maintain the necessary: FRR FAR ERR and FAR FRR and FAR 22 / 58 In which one of the following documents is the assignment of individual roles andresponsibilities MOST appropriately defined? Acceptable use policy Enforcement guidelines Security policy Program manual 23 / 58 Which of the following is being considered as the most reliable kind of personal identification? Password Finger print Token Ticket Granting 24 / 58 3. What does the term "false acceptance rate (FAR)" refer to in a biometric system? The number of retries allowed in case of failure The percentage of authorized users incorrectly denied access The percentage of unauthorized users incorrectly allowed access The speed at which the system processes biometric data 25 / 58 In addition to the accuracy of the biometric systems, there are other factors that must alsobe considered: These factors include the enrollment time and the throughput rate, but not acceptability These factors do not include the enrollment time, the throughput rate, and acceptability These factors include the enrollment time, the throughput rate, and acceptability These factors include the enrollment time, but not the throughput rate, neither the acceptability. 26 / 58 Almost all types of detection permit a system's sensitivity to be increased or decreasedduring an inspection process. To have a valid measure of the system performance: the FRR is used the FAR is used The CER is used none of the above choices is correct 27 / 58 You are comparing biometric systems. Security is the top priority. A low is mostimportant in this regard. ERR FRR MTBF FAR 28 / 58 What is called the percentage of invalid subjects that are falsely accepted? Crossover Error Rate (CER) True Acceptance Rate (TAR) or Type III error False Acceptance Rate (FAR) or Type II Error False Rejection Rate (FRR) or Type I Error 29 / 58 All of the following are basic components of a security policy EXCEPT the statement of applicability and compliance requirements. statement of roles and responsibilities statement of performance of characteristics and requirements. definition of the issue and statement of relevant terms. 30 / 58 1. What is the primary advantage of using biometric systems for authentication? Unique identification Cost-effectiveness Fast deployment Ease of use 31 / 58 12. Which of the following is considered a physiological biometric identifier? Gait recognition Keystroke dynamics Voice recognition Retina scanning 32 / 58 Which one of the following is an important characteristic of an information security policy? Lists applications that support the business function. Identifies major functional areas of information. Requires the identification of information owners. Quantifies the effect of the loss of the information. 33 / 58 Which of the following are the types of eye scan in use today? Retinal scans and reflective scans Retinal scans and iris scans Reflective scans and iris scans Retinal scans and body scans. 34 / 58 Which of the following biometrics devices has the highs Crossover Error Rate (CER)? Iris scan Voice pattern Fingerprints Hang Geometry 35 / 58 Why must senior management endorse a security policy? So that they will accept ownership for security within the organization. So that they can be held legally accountable. So that employees will follow the policy directives. So that external bodies will recognize the organizations commitment to security. 36 / 58 Which of the following defines the intent of a system security policy? A definition of the particular settings that have been determined to provide optimum security. A definition of those items that must be excluded on the system. A listing of tools and applications that will be used to protect the system. A brief, high-level statement defining what is and is not permitted during the operation of the system. 37 / 58 Which of the following are the valid categories of hand geometry scanning? Mechanical and image-ridge detection. Mechanical and image-edge detection Electrical and image-edge detection Logical and image-edge detection 38 / 58 4. Which biometric system is based on the measurement of blood vessels in the hand? Hand geometry Palm vein scanning Fingerprint scanning Iris recognition 39 / 58 In the following choices there is one that is a typical biometric characteristics that is not used to uniquely authenticate an individual's identity? Palm scans Retina scans Iris scans Skin scans 40 / 58 What is the function of a corporate information security policy? Define the main security objectives which must be achieved and the security framework to meet business objectives. Define the specific assets to be protected and identify the specific tasks which must be completed to secure them Issue guidelines in selecting equipment, configuration, design, and secure operations. Issue corporate standard to be used when addressing specific security problems. 41 / 58 9. Which metric measures the likelihood that a biometric system incorrectly rejects a legitimate user? False Acceptance Rate (FAR) False Rejection Rate (FRR) Equal Error Rate (EER) Cross Error Rate (CER) 42 / 58 6. What is a primary disadvantage of biometric systems? They are too secure Users often forget how to use them They are very slow to process They can be expensive to implement 43 / 58 16. What is the main challenge of using facial recognition systems in poorly lit environments? High FRR rate High FAR rate Inability to process data Inaccurate biometric template generation 44 / 58 17. Which of the following biometric methods is based on behavioral characteristics? Retina scanning Gait recognition Fingerprint recognition Palm vein scanning 45 / 58 When developing an information security policy, what is the FIRST step that should be taken? Gain management approval. Obtain copies of mandatory regulations. Ensure policy is compliant with current working practices. Seek acceptance from other departments. 46 / 58 22. Which of the following is an example of behavioral biometrics? Voice recognition Facial recognition Iris scanning Gait recognition 47 / 58 20. Which of the following is considered the least secure biometric method due to environmental variables? Fingerprint recognition Voice recognition Iris recognition Retina scanning 48 / 58 What is "Failure to Enroll (FTE)" in biometric systems? A system's inability to correctly recognize a legitimate user A user's failure to provide the correct input at authentication The system fails to properly record a user’s biometric data during enrollment A system's inability to reject an unauthorized user 49 / 58 15. Which type of biometric system captures the unique characteristics of the voice for authentication? Facial recognition Signature dynamics Gait recognition Voice recognition 50 / 58 Which of the following methods is more microscopic and will analyze the direction of the ridges of the fingerprints for matching? Ridge matching None of the choices Minutia matching Flow direct 51 / 58 24. Which of the following reduces the risk of biometric spoofing? Higher FRR Multi-factor authentication (MFA) Biometric database replication Lower FAR 52 / 58 21. Which biometric method uses the geometry of the hand for identification? Fingerprint recognition Hand geometry Palm vein scanning Retina scanning 53 / 58 19. What is a significant security risk associated with biometric systems? Biometric systems are immune to spoofing The data can be easily reset like passwords Physical characteristics can change over time Biometric data is hard to replace once compromised 54 / 58 Which of the following department managers would be best suited to oversee thedevelopment of an information security policy? Security administration Human Resources Business operations Information Systems 55 / 58 2. Which of the following is NOT a type of biometric access control? Retina scanning Iris recognition Passwords Fingerprint scanning 56 / 58 Which one of the following is NOT a fundamental component of a Regulatory Security Policy? When it is to be done. Why is it to be done What is to be done. Who is to do it. 57 / 58 25. Which factor is least likely to affect the performance of a fingerprint recognition system? Moisture on the user's finger High temperatures Dirt on the scanner The user's age 58 / 58 23. What is the typical use case for biometric systems in multi-factor authentication (MFA)? Something you are Something you know Something you have All of the above Your score is 0% Restart quiz