The Crossover Error Rate (CER) is a good measure of performance for:
Correct Answer: A
The CER is one of the three main performance measurements used in biometrics.
Question 502
Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects is part of:
Correct Answer: D
Explanation/Reference: These are core functions of the incident response process.
"Incident Evaluation" is incorrect. Evaluation of the extent and cause of the incident is a component of the incident response process.
"Incident Recognition" is incorrect. Recognition that an incident has occurred is the precursor to the initiation of the incident response process.
"Incident Protection" is incorrect. This is an almost-right-sounding nonsense answer to distract the unwary.
References: CBK, pp. 698-703
Question 503
Which of the following control pairing places emphasis on "soft" mechanisms that support the access control objectives?
Correct Answer: B
Soft Control is another way of referring to Administrative control. Technical and Physical controls are NOT soft controls, so any choice listing them was not the best answer.
Preventative/Technical is incorrect because although access control can be a technical control, it is commonly not referred to as a "soft" control.
Preventative/Administrative is correct because access controls are preventative in nature. It is always best to prevent a negative event; however, there are times where controls might fail and you cannot prevent everything. Administrative controls are roles, responsibilities, policies, etc., which are usually paper based. In the administrative category you would also find audit, monitoring, and security awareness.
Preventative/Physical is incorrect because access controls with an emphasis on "soft" mechanisms conflict with the basic concept of physical controls; physical controls are usually tangible objects such as fences, gates, door locks, sensors, etc.
Detective/Administrative is incorrect because access control is a preventative control used to control access, not to detect violations of access.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.
Question 504
Which of the following choices is NOT normally part of the questions that would be asked regarding an organization's information security policy?
Correct Answer: C
Actions to be performed in case of a disaster are not normally part of an information security policy but part of a Disaster Recovery Plan (DRP). Only personnel implicated in the plan should have a copy of the Disaster Recovery Plan whereas everyone should be aware of the contents of the organization's information security policy. Source: ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison-Wesley, 2001, Appendix B, Practice-Level Policy Considerations (page 398).
Question 505
Another example of Computer Incident Response Team (CIRT) activities is:
Correct Answer: D
Section: Risk, Response and Recovery
Explanation/Reference: Additional examples of CIRT activities are:
Management of the network logs, including collection, retention, review, and analysis of data.
Management of the resolution of an incident, management of the remediation of a vulnerability, and post-event reporting to the appropriate parties.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 64.