In the context of Biometric authentication, what is a quick way to compare the accuracy of devices. In general, the device that have the lowest value would be the most accurate. Which of the following would be used to compare accuracy of devices?
Correct Answer: A
Explanation/Reference: equal error rate or crossover error rate (EER or CER): the rate at which both accept and reject errors are equal. The value of the EER can be easily obtained from the ROC curve. The EER is a quick way to compare the accuracy of devices with different ROC curves. In general, the device with the lowest EER is most accurate. In the context of Biometric Authentication almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such as in an airport metal detector, the system becomes increasingly selective and has a higher False Reject Rate (FRR). Conversely, if the sensitivity is decreased, the False Acceptance Rate (FAR) will increase. Thus, to have a valid measure of the system performance, the CrossOver Error Rate (CER) is used. The following are used as performance metrics for biometric systems: false accept rate or false match rate (FAR or FMR): the probability that the system incorrectly matches the input pattern to a non-matching template in the database. It measures the percent of invalid inputs which are incorrectly accepted. In case of similarity scale, if the person is imposter in real, but the matching score is higher than the threshold, then he is treated as genuine that increase the FAR and hence performance also depends upon the selection of threshold value. false reject rate or false non-match rate (FRR or FNMR): the probability that the system fails to detect a match between the input pattern and a matching template in the database. It measures the percent of valid inputs which are incorrectly rejected. failure to enroll rate (FTE or FER): the rate at which attempts to create a template from an input is unsuccessful. This is most commonly caused by low quality inputs. failure to capture rate (FTC): Within automatic systems, the probability that the system fails to detect a biometric input when presented correctly. template capacity: the maximum number of sets of data which can be stored in the system. Reference(s) used for this question: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. and Wikipedia at: https://en.wikipedia.org/wiki/Biometrics
Question 542
What is called an event or activity that has the potential to cause harm to the information systems or networks?
Correct Answer: D
Section: Risk, Response and Recovery Explanation/Reference: Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Pages 16, 32.
Question 543
A proxy is considered a:
Correct Answer: C
Section: Network and Telecommunications Explanation/Reference: The proxy (application layer firewall, circuit level proxy, or application proxy ) is a second generation firewall "First generation firewall" incorrect. A packet filtering firewall is a first generation firewall. "Third generation firewall" is incorrect. Stateful Firewall are considered third generation firewalls "Fourth generation firewall" is incorrect. Dynamic packet filtering firewalls are fourth generation firewalls References: CBK, p. 464 AIO3, pp. 482 - 484 Neither CBK or AIO3 use the generation terminology for firewall types but you will encounter it frequently as a practicing security professional. See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/centri4/user/ scf4ch3.htm for a general discussion of the different generations.
Question 544
Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place?
Correct Answer: A
Section: Analysis and Monitoring Explanation/Reference: An Intrusion Detection System (IDS) is a system that is used to monitor network traffic or to monitor host audit logs in order to determine if any violations of an organization's system security policy have taken place. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 48.
Question 545
The Reference Validation Mechanism that ensures the authorized access relationships between subjects and objects is implementing which of the following concept:
Correct Answer: A
Section: Security Operation Adimnistration Explanation/Reference: The reference monitor concept is an abstract machine that ensures that all subjects have the necessary access rights before accessing objects. Therefore, the kernel will mediates all accesses to objects by subjects and will do so by validating through the reference monitor concept. The kernel does not decide whether or not the access will be granted, it will be the Reference Monitor which is a subset of the kernel that will say YES or NO. All access requests will be intercepted by the Kernel, validated through the reference monitor, and then access will either be denied or granted according to the request and the subject privileges within the system. 1. The reference monitor must be small enough to be full tested and valided 2. The Kernel must MEDIATE all access request from subjects to objects 3. The processes implementing the reference monitor must be protected 4. The reference monitor must be tamperproof The following answers are incorrect: The security kernel is the mechanism that actually enforces the rules of the reference monitor concept. The other answers are distractors. Shon Harris, All In One, 5th Edition, Security Architecture and Design, Page 330 also see http://en.wikipedia.org/wiki/Reference_monitor
