Читаем CISSP Practice полностью

126. From an access control effectiveness viewpoint, which of the following represents biometric verification when a user submits a combination of a personal identification number (PIN) first and biometric sample next for authentication?

a. One-to-one matching

b. One-to-many matching

c. Many-to-one matching

d. Many-to-many matching

126. a. This combination of authentication represents something that you know (PIN) and something that you are (biometric). At the authentication system prompt, the user enters the PIN and then submits a biometric live-captured sample. The system compares the biometric sample to the biometric reference data associated with the PIN entered, which is a one-to-one matching of biometric verification. The other three choices are incorrect because the correct answer is based on its definition.

127. From an access control effectiveness viewpoint, which of the following represents biometric identification when a user submits a combination of a biometric sample first and a personal identification number (PIN) next for authentication?

a. One-to-one matching

b. One-to-many matching

c. Many-to-one matching

d. Many-to-many matching

127. b. This combination of authentication represents something that you know (PIN) and something that you are (biometric). The user presents a biometric sample first to the sensor, and the system conducts a one-to-many matching of biometric identification. The user is prompted to supply a PIN that provided the biometric reference data. The other three choices are incorrect because the correct answer is based on its definition.

128. During biometric identification, which of the following can result in slow system response times and increased expense?

a. One-to-one matching

b. One-to-many matching

c. Many-to-one matching

d. Many-to-many matching

128. b. The biometric identification with one-to-many matching can result in slow system response times and can be more expensive depending on the size of the biometric database. That is, the larger the database size, the slower the system response time. A personal identification number (PIN) is entered as a second authentication factor, and the matching is slow.

129. During biometric verification, which of the following can result in faster system response times and can be less expensive?

a. One-to-one matching

b. One-to-many matching

c. Many-to-one matching

d. Many-to-many matching

129. a. The biometric verification with one-to-one matching can result in faster system response times and can be less expensive because the personal identification number (PIN) is entered as a first authenticator and the matching is quick.

130. From an access control effectiveness viewpoint, which of the following is represented when a user submits a combination of hardware token and a personal identification number (PIN) for authentication?

1. A weak form of two-factor authentication

2. A strong form of two-factor authentication

3. Supports physical access

4. Supports logical access

a. 1 only

b. 2 only

c. 1 and 3

d. 2 and 4

130. c. This combination represents something that you have (i.e., hardware token) and something that you know (i.e., PIN). The hardware token can be lost or stolen. Therefore, this is a weak form of two-factor authentication that can be used to support unattended access controls for physical access only. Logical access controls are software-based and as such do not support a hardware token.

131. From an access control effectiveness viewpoint, which of the following is represented when a user submits a combination of public key infrastructure (PKI) keys and a personal identification number (PIN) for authentication?

1. A weak form of two-factor authentication

2. A strong form of two-factor authentication

3. Supports physical access

4. Supports logical access