Читаем CISSP Practice полностью

117. c. The trick is balancing the trade-off between the false acceptance rate (FAR) and false rejection rate (FRR). A high FAR means that security is unacceptably weak.

A FAR is the probability that a biometric system can incorrectly identify an individual or fail to reject an imposter. The FAR given normally assumes passive imposter attempts, and a low FAR is better. The FAR is stated as the ratio of the number of false acceptances divided by the number of identification attempts.

An FRR is the probability that a biometric system will fail to identify an individual or verify the legitimate claimed identity of an individual. A low FRR is better. The FRR is stated as the ratio of the number of false rejections divided by the number of identification attempts.

118. In biometrics-based identification and authentication techniques, which of the following indicates that technology used in a biometric system is not viable?

a. Low false acceptance rate

b. Low false rejection rate

c. High false acceptance rate

d. High false rejection rate

118. d. A high false rejection rate (FRR) means that the technology is creating a (PP) nuisance to falsely rejected users thereby undermining user acceptance and questioning the viability of the technology used. This could also mean that the technology is obsolete, inappropriate, and/or not meeting the user’s changing needs.

A false acceptance rate (FAR) is the probability that a biometric system will incorrectly identify an individual or fail to reject an imposter. The FAR given normally assumes passive imposter attempts, and a low FAR is better and a high FAR is an indication of a poorly operating biometric system, not related to technology. The FAR is stated as the ratio of the number of false acceptances divided by the number of identification attempts.

A FRR is the probability that a biometric system will fail to identify an individual or verify the legitimate claimed identity of an individual. A low FRR is better. The FRR is stated as the ratio of the number of false rejections divided by the number of identification attempts.

119. In biometrics-based identification and authentication techniques, what is a countermeasure to mitigate the threat of identity spoofing?

a. Liveness detection

b. Digital signatures

c. Rejecting exact matches

d. Session lock

119. a. An adversary may present something other than his own biometric to trick the system into verifying someone else’s identity, known as spoofing. One type of mitigation for an identity spoofing threat is liveness detection (e.g., pulse or lip reading). The other three choices cannot perform liveness detection.

120. In biometrics-based identification and authentication techniques, what is a countermeasure to mitigate the threat of impersonation?

a. Liveness detection

b. Digital signatures

c. Rejecting exact matches

d. Session lock

120. b. Attackers can use residual data on the biometric reader or in memory to impersonate someone who authenticated previously. Cryptographic methods such as digital signatures can prevent attackers from inserting or swapping biometric data without detection. The other three choices do not provide cryptographic measures to prevent impersonation attacks.

121. In biometrics-based identification and authentication techniques, what is a countermeasure to mitigate the threat of replay attack?

a. Liveness detection

b. Digital signatures

c. Rejecting exact matches

d. Session lock

121. c. A replay attack occurs when someone can capture a valid user’s biometric data and use it at a later time for unauthorized access. A potential solution is to reject exact matches, thereby requiring the user to provide another biometric sample. The other three choices do not provide exact matches.

122. In biometrics-based identification and authentication techniques, what is a countermeasure to mitigate the threat of a security breach from unsuccessful authentication attempts?

a. Liveness detection

b. Digital signatures

c. Rejecting exact matches

d. Session lock