CISSP CBK Review Seminar -- Domain 5 Flashcards

1
Q
What physical characteristics does a retinal scan biometric device measure?

(A) The amount of light reaching the retina
(B) The amount of light reflected by the retina
(C) The size, curvature, and shape of the retina
(D) The pattern of blood vessels on the retina

A

(D) The pattern of blood vessels on the retina

2
Q
ABZ Organization is constructing a new secure facility and has elected to install a two-tier access control system, which will consist of proximity badges and biometric devices. The system security professional is tasked with acquiring the access control systems. The only requirements are to keep cost as low as possible and minimize system down time.

While evaluating the effectiveness of several new devices, the security professional should expect that a biometric device becomes more sensitive when

(A) both the False Acceptance Rate (FAR) and False Rejection Rate (FRR) increase.
(B) the FAR increases while the FRR decreases.
(C) the FAR decreases while the FRR increases.
(D) both the FAR and FRR decrease.

A

(C) the FAR decreases while the FRR increases.

3
Q
ABZ Organization is constructing a new secure facility and has elected to install a two-tier access control system, which will consist of proximity badges and biometric devices. The system security professional is tasked with acquiring the access control systems. The only requirements are to keep cost as low as possible and minimize system down time.

The point where the False Acceptance Rate (FAR) and False Rejection Rate (FRR) are balanced is known as the

(A) Crossover Error Rate (CER).
(B) Crossover Acceptance Rate (CAR).
(C) Equal Crossover Rate (EQR).
(D) Equal Acceptance Rate (EAR).

A

(A) Crossover Error Rate (CER).

4
Q

While evaluating the effectiveness of several new devices, the security professional should expect that a biometric device has more error rates when

(A) both the False Acceptance Rate (FAR) and False Rejection Rate (FRR) increase.
(B) the FAR increases while the FRR decreases.
(C) the FAR decreases while the FRR increases.
(D) both the FAR and FRR decrease.

A

(B) the FAR increases while the FRR decreases.

5
Q
What is one advantage of content-dependent access control of information?

(A) It prevents data locking.
(B) It limits the user’s individual address space.
(C) It provides highly granular control.
(D) It confines access to authorized users of the system.

A

(C) It provides highly granular control.

6
Q
What is the GREATEST vulnerability of relying solely on proximity cards for access to a secure facility?

(A) A lost or stolen card may allow an unauthorized person to gain access.
(B) A proximity card is too easy to duplicate or forge.
(C) A proximity card does not record time of departure.
(D) An electrical power failure may deny access to all users.

A

(A) A lost or stolen card may allow an unauthorized person to gain access.

7
Q
What determines the correct classification of data in a Mandatory Access Control (MAC) environment?

(A) The analysis of the users in conjunction with the audit department
(B) The assessment by the information security department
(C) The user’s evaluation of a particular information element
(D) The requirements of the organization’s published security policy

A

(D) The requirements of the organization’s published security policy

8
Q
What is one disadvantage of content-dependent access control of information?

(A) It increases processing overhead.
(B) It requires additional password entry.
(C) It exposes the system to data locking.
(D) It limits the user’s individual address space.

A

(A) It increases processing overhead.

9
Q
What is a PRIMARY reason for designing the security kernel to be as small as possible?

(A) The operating system cannot be easily penetrated by users.
(B) Changes to the kernel are not required as frequently.
(C) Due to its compactness, the kernel is easier to formally verify.
(D) System performance and execution are enhanced as the kernel is faster.

A

(C) Due to its compactness, the kernel is easier to formally verify.

10
Q
What should be the size of a Trusted Computer Base?

(A) Small - in order to permit it to be implemented in all critical system components without using excessive resources
(B) Small - in order to facilitate the detailed analysis necessary to prove that it meets design requirements
(C) Large - in order to accommodate the implementation of future updates without incurring the time and expense of recertification
(D) Large - in order to enable it to protect the potentially large number of resources in a typical commercial system environment

A

(B) Small - in order to facilitate the detailed analysis necessary to prove that it meets design requirements

11
Q
Which one of the following refers to a series of characters used to verify a user’s identity?

(A) Token serial number
(B) UserID
(C) Password
(D) Security ticket

A

(C) Password

12
Q
Which one of the following can be used to increase the authentication strength of an access control system?

(A) Multi-party
(B) Two factor
(C) Mandatory
(D) Discretionary

A

(B) Two factor
