Buffer overflow and boundary condition errors are subsets of:
Correct Answer: B
Question 872
Which of the following media is MOST resistant to tapping?
Correct Answer: D
Fiber Optic is the most resistant to tapping because Fiber Optic uses a light to transmit the signal. While there are some technologies that will allow to monitor the line passively, it is very difficult to tap into without detection sot this technology would be the MOST resistent to tapping. The following answers are in correct: microwave. Is incorrect because microwave transmissions can be intercepted if in the path of the broadcast without detection. twisted pair. Is incorrect because it is easy to tap into a twisted pair line. coaxial cable. Is incorrect because it is easy to tap into a coaxial cable line.
Question 873
In the context of Biometric authentication, what is a quick way to compare the accuracy of devices. In general, the device that have the lowest value would be the most accurate. Which of the following would be used to compare accuracy of devices?
Correct Answer: A
equal error rate or crossover error rate (EER or CER): the rate at which both accept and reject errors are equal. The value of the EER can be easily obtained from the ROC curve. The EER is a quick way to compare the accuracy of devices with different ROC curves. In general, the device with the lowest EER is most accurate. In the context of Biometric Authentication almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such as in an airport metal detector, the system becomes increasingly selective and has a higher False Reject Rate (FRR). Conversely, if the sensitivity is decreased, the False Acceptance Rate (FAR) will increase. Thus, to have a valid measure of the system performance, the CrossOver Error Rate (CER) is used. The following are used as performance metrics for biometric systems: false accept rate or false match rate (FAR or FMR): the probability that the system incorrectly matches the input pattern to a non-matching template in the database. It measures the percent of invalid inputs which are incorrectly accepted. In case of similarity scale, if the person is imposter in real, but the matching score is higher than the threshold, then he is treated as genuine that increase the FAR and hence performance also depends upon the selection of threshold value. false reject rate or false non-match rate (FRR or FNMR): the probability that the system fails to detect a match between the input pattern and a matching template in the database. It measures the percent of valid inputs which are incorrectly rejected. failure to enroll rate (FTE or FER): the rate at which attempts to create a template from an input is unsuccessful. This is most commonly caused by low quality inputs. failure to capture rate (FTC): Within automatic systems, the probability that the system fails to detect a biometric input when presented correctly. template capacity: the maximum number of sets of data which can be stored in the system. Reference(s) used for this question: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37 and Wikipedia at: https://en.wikipedia.org/wiki/Biometrics
Question 874
An access control policy for a bank teller is an example of the implementation of which of the following?
Correct Answer: D
The position of a bank teller is a specific role within the bank, so you would implement a role-based policy. The following answers are incorrect: Rule-based policy. Is incorrect because this is based on rules and not the role of a of a bank teller so this would not be applicable for a specific role within an organization. Identity-based policy. Is incorrect because this is based on the identity of an individual and not the role of a bank teller so this would not be applicable for a specific role within an organization. User-based policy. Is incorrect because this would be based on the user and not the role of a bank teller so this would not be not be applicable for a specific role within an organization.
Question 875
What is the main purpose of Corporate Security Policy?
Correct Answer: B
Explanation/Reference: Explanation: A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization. Incorrect Answers: A: It is not the main purpose of Corporate Security Policy to transfer the responsibility for the information security to all users of the organization. C: It is not the main purpose of Corporate Security Policy to provide detailed steps for performing specific actions. D: It is not the main purpose of Corporate Security Policy to provide a common framework for all development activities. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 102
