Topic 1: Access Control
Which of the following is true of two-factor authentication?
A.
It uses the RSA public-key signature based on integers with large prime factors.
B.
It requires two measurements of hand geometry.
C.
It does not use single sign-on technology.
D.
It relies on two independent proofs of identity.
It relies on two independent proofs of identity.
The Answer: It relies on two independent proofs of identity. Two-factor
authentication refers to using two independent proofs of identity, such as something the
user has (e.g. a token card) and something the user knows (a password). Two-factor
authentication may be used with single sign-on.
The following answers are incorrect: It requires two measurements of hand geometry.
Measuring hand geometry twice does not yield two independent proofs.
It uses the RSA public-key signature based on integers with large prime factors. RSA
encryption uses integers with exactly two prime factors, but the term "two-factor
authentication" is not used in that context.
It does not use single sign-on technology. This is a distractor; two-factor authentication can be combined with single sign-on.
The following reference(s) were/was used to create this question:
Shon Harris AIO v.3 p.129
ISC2 OIG, 2007 p. 126
Which of the following statements pertaining to Kerberos is false?
A.
The Key Distribution Center represents a single point of failure.
B.
Kerberos manages access permissions.
C.
Kerberos uses a database to keep a copy of all users' public keys.
D.
Kerberos uses symmetric key cryptography.
Kerberos uses a database to keep a copy of all users' public keys.
Kerberos is a trusted, credential-based, third-party authentication protocol
that uses symmetric (secret) key cryptography to provide robust authentication to clients
accessing services on a network.
One weakness of Kerberos is its Key Distribution Center (KDC), which represents a single
point of failure.
The KDC contains a database that holds a copy of all of the symmetric/secret keys for the
principals.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control
systems (page 40).
Which of the following is NOT a type of motion detector?
A.
Photoelectric sensor
B.
Passive infrared sensors
C.
Microwave Sensor.
D.
Ultrasonic Sensor.
Photoelectric sensor
A photoelectric sensor does not directly sense motion: it projects a narrow beam and only
triggers when the beam is broken. Photoelectric sensors, along with dry contact switches,
are a type of perimeter intrusion detector.
All of the other answers are valid types of motion detectors.
The content below on the different types of sensors is from Wikipedia:
Indoor Sensors
These types of sensors are designed for indoor use. Outdoor use would not be advised
due to false alarm vulnerability and weather durability.
Passive infrared detectors
The passive infrared detector (PIR) is one of the most common detectors found in
household and small business environments because it offers affordable and reliable
functionality. The term passive means the detector is able to function without the need to
generate and radiate its own energy (unlike ultrasonic and microwave volumetric intrusion
detectors that are “active” in operation). PIRs are able to distinguish if an infrared emitting
object is present by first learning the ambient temperature of the monitored space and then
detecting a change in the temperature caused by the presence of an object. Using the
principle of differentiation, which is a check of presence or nonpresence, PIRs verify if an
intruder or object is actually there. Creating individual zones of detection where each zone
comprises one or more layers can achieve differentiation. Between the zones there are
areas of no sensitivity (dead zones) that are used by the sensor for comparison.
Ultrasonic detectors
Using frequencies between 15 kHz and 75 kHz, these active detectors transmit ultrasonic
sound waves that are inaudible to humans. The Doppler shift principle is the underlying
method of operation, in which a change in frequency is detected due to object motion. This
is caused when a moving object changes the frequency of sound waves around it. Two
conditions must occur to successfully detect a Doppler shift event:
There must be motion of an object either towards or away from the receiver.
The motion of the object must cause a change in the ultrasonic frequency to the receiver
relative to the transmitting frequency.
The ultrasonic detector operates by the transmitter emitting an ultrasonic signal into the
area to be protected. The sound waves are reflected by solid objects (such as the
surrounding floor, walls and ceiling) and then detected by the receiver. Because ultrasonic
waves are transmitted through air, then hard-surfaced objects tend to reflect most of the
ultrasonic energy, while soft surfaces tend to absorb most energy.
When the surfaces are stationary, the frequency of the waves detected by the receiver will
be equal to the transmitted frequency. However, a change in frequency will occur as a
result of the Doppler principle, when a person or object is moving towards or away from the
detector. Such an event initiates an alarm signal. This technology is considered obsolete by
many alarm professionals, and is not actively installed.
Microwave detectors
This device emits microwaves from a transmitter and detects any reflected microwaves or
reduction in beam intensity using a receiver. The transmitter and receiver are usually
combined inside a single housing (monostatic) for indoor applications, and separate
housings (bistatic) for outdoor applications. To reduce false alarms this type of detector is
usually combined with a passive infrared detector or "Dualtec" alarm.
Microwave detectors respond to a Doppler shift in the frequency of the reflected energy, by
a phase shift, or by a sudden reduction of the level of received energy. Any of these effects
may indicate motion of an intruder.
Photo-electric beams
Photoelectric beam systems detect the presence of an intruder by transmitting visible or
infrared light beams across an area, where these beams may be obstructed. To improve
the detection surface area, the beams are often employed in stacks of two or more.
However, if an intruder is aware of the technology's presence, it can be avoided. The
technology can be an effective long-range detection system, if installed in stacks of three or
more where the transmitters and receivers are staggered to create a fence-like barrier.
Systems are available for both internal and external applications. To prevent a clandestine
attack using a secondary light source being used to hold the detector in a 'sealed' condition
whilst an intruder passes through, most systems use and detect a modulated light source.
Glass break detectors
The glass break detector may be used for internal perimeter building protection. When
glass breaks it generates sound in a wide band of frequencies. These can range from
infrasonic, which is below 20 hertz (Hz) and can not be heard by the human ear, through
the audio band from 20 Hz to 20 kHz which humans can hear, right up to ultrasonic, which
is above 20 kHz and again cannot be heard. Glass break acoustic detectors are mounted
in close proximity to the glass panes and listen for sound frequencies associated with glass
breaking. Seismic glass break detectors are different in that they are installed on the glass
pane. When glass breaks it produces specific shock frequencies which travel through the
glass and often through the window frame and the surrounding walls and ceiling. Typically,
the most intense frequencies generated are between 3 and 5 kHz, depending on the type
of glass and the presence of a plastic interlayer. Seismic glass break detectors “feel” these
shock frequencies and in turn generate an alarm condition.
The more primitive detection method involves gluing a thin strip of conducting foil on the
inside of the glass and putting low-power electrical current through it. Breaking the glass is
practically guaranteed to tear the foil and break the circuit.
Smoke, heat, and carbon monoxide detectors
Most systems may also be equipped with smoke, heat, and/or carbon monoxide detectors.
These are also known as 24 hour zones (which are on at all times). Smoke detectors and
heat detectors protect from the risk of fire and carbon monoxide detectors protect from the
risk of carbon monoxide. Although an intruder alarm panel may also have these detectors
connected, it may not meet all the local fire code requirements of a fire alarm system.
Other types of volumetric sensors could be:
Active Infrared
Passive Infrared/Microwave combined
Radar
Acoustical Sensor/Audio
Vibration Sensor (seismic)
Air Turbulence
Which of the following control pairing places emphasis on "soft" mechanisms that support
the access control objectives?
A.
Preventive/Technical Pairing
B.
Preventive/Administrative Pairing
C.
Preventive/Physical Pairing
D.
Detective/Administrative Pairing
Preventive/Administrative Pairing
Soft Control is another way of referring to Administrative control.
Technical and Physical controls are NOT soft control, so any choice listing them was not
the best answer.
Preventive/Technical is incorrect because although access control can be a technical
control, technical controls are not referred to as "soft" controls.
Preventive/Administrative is correct because access controls are preventive in nature. It
is always best to prevent a negative event; however, there are times where controls might
fail and you cannot prevent everything. Administrative controls are roles, responsibilities,
policies, etc., which are usually paper based. In the administrative category you would also
find audit, monitoring, and security awareness.
Preventive/Physical pairing is incorrect because access controls with an emphasis on
"soft" mechanisms conflict with the basic concept of physical controls; physical controls are
usually tangible objects such as fences, gates, door locks, sensors, etc.
Detective/Administrative Pairing is incorrect because access control is a preventive
control used to control access, not to detect violations to access.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.
Which access model is most appropriate for companies with a high employee turnover?
A.
Role-based access control
B.
Mandatory access control
C.
Lattice-based access control
D.
Discretionary access control
Role-based access control
The underlying problem for a company with a lot of turnover is assuring that
new employees are assigned the correct access permissions and that those permissions
are removed when they leave the company.
Selecting the best answer requires one to think about the access control options in the
context of a company with a lot of flux in the employee population. RBAC simplifies the task
of assigning permissions because the permissions are assigned to roles which do not
change based on who belongs to them. As employees join the company, it is simply a
matter of assigning them to the appropriate roles and their permissions derive from their
assigned role. They will implicitly inherit the permissions of the role or roles they have
been assigned to. When they leave the company or change jobs, their role assignment is
revoked/changed appropriately.
Mandatory access control is incorrect. While controlling access based on the clearance
level of employees and the sensitivity of objects is a better choice than some of the other
incorrect answers, it is not the best choice when RBAC is an option and you are looking for
the best solution for a high number of employees constantly leaving or joining the
company.
Lattice-based access control is incorrect. The lattice is really a mathematical concept that is
used in formally modeling information flow (Bell-LaPadula, Biba, etc.). In the context of the
question, an abstract model of information flow is not an appropriate choice. CBK, pp. 324-
325.
Discretionary access control is incorrect. When an employee joins or leaves the company,
the object owner must grant or revoke access for that employee on all the objects they
own. Problems would also arise when the owner of an object leaves the company. The
complexity of assuring that the permissions are added and removed correctly makes this
the least desirable solution in this situation.
References
All in One, third edition page 165
RBAC is discussed on pp. 189 through 191 of the ISC(2) guide.
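The following is an added example, not from the referenced guides, that models the turnover argument above in code: under RBAC, joining and leaving are one role assignment each, while under DAC the owner has to touch every object and departing owners leave orphaned objects behind. Role names, users, objects and permission strings are all made up for illustration.

```python
"""Added example (not from the CISSP guides): RBAC vs DAC provisioning under
employee turnover. Roles, users, objects and permissions are constructed."""
from dataclasses import dataclass, field


@dataclass
class Rbac:
    """Permissions attach to roles; users are only ever mapped to roles."""
    role_perms: dict[str, set[str]] = field(default_factory=dict)
    user_roles: dict[str, set[str]] = field(default_factory=dict)

    def define_role(self, role: str, *perms: str) -> None:
        self.role_perms.setdefault(role, set()).update(perms)

    def onboard(self, user: str, *roles: str) -> None:
        unknown = set(roles) - set(self.role_perms)
        if unknown:
            raise ValueError(f"undefined roles: {sorted(unknown)}")
        self.user_roles[user] = set(roles)

    def offboard(self, user: str) -> None:
        # One operation removes every permission the user inherited.
        self.user_roles.pop(user, None)

    def permissions(self, user: str) -> set[str]:
        roles = self.user_roles.get(user, ())
        return set().union(*(self.role_perms[r] for r in roles))

    def allowed(self, user: str, perm: str) -> bool:
        return perm in self.permissions(user)


@dataclass
class Dac:
    """Owner-managed ACLs: one entry per (object, subject) pair."""
    owner: dict[str, str] = field(default_factory=dict)
    acl: dict[str, dict[str, set[str]]] = field(default_factory=dict)

    def create(self, obj: str, owner: str) -> None:
        self.owner[obj] = owner
        self.acl[obj] = {owner: {"read", "write"}}

    def grant(self, obj: str, by: str, to: str, *perms: str) -> None:
        if self.owner[obj] != by:
            raise PermissionError(f"{by} does not own {obj}")
        self.acl[obj].setdefault(to, set()).update(perms)

    def offboard(self, user: str) -> list[str]:
        """Revocation has to visit every object; returns the objects left ownerless."""
        for entries in self.acl.values():
            entries.pop(user, None)
        return sorted(o for o, own in self.owner.items() if own == user)

    def allowed(self, user: str, obj: str, perm: str) -> bool:
        return perm in self.acl.get(obj, {}).get(user, set())


def rbac_turnover_demo() -> dict:
    """Alice leaves, Carol replaces her; no role definition changes."""
    r = Rbac()
    r.define_role("payroll-clerk", "payroll:read", "payroll:submit")
    r.define_role("auditor", "payroll:read", "ledger:read")
    r.onboard("alice", "payroll-clerk")
    r.onboard("bob", "auditor")
    before = r.allowed("alice", "payroll:submit")
    r.offboard("alice")
    r.onboard("carol", "payroll-clerk")  # replacement inherits the same set
    return {
        "alice_before": before,
        "alice_after": r.allowed("alice", "payroll:submit"),
        "carol": r.permissions("carol"),
        "bob": r.permissions("bob"),
    }


def dac_turnover_demo() -> dict:
    """Same departure under DAC: per-object cleanup plus orphaned objects."""
    d = Dac()
    d.create("q3-payroll.xlsx", "alice")
    d.create("ledger.db", "alice")
    d.grant("q3-payroll.xlsx", "alice", "bob", "read")
    orphaned = d.offboard("alice")
    return {"bob_read": d.allowed("bob", "q3-payroll.xlsx", "read"),
            "orphaned": orphaned}
```

The DAC walk-through also surfaces the second problem the explanation mentions: once Alice is gone, nobody can grant or revoke on the objects she owned until ownership is reassigned.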
The primary service provided by Kerberos is which of the following?
A.
non-repudiation
B.
confidentiality
C.
authentication
D.
authorization
authentication
The Answer: authentication. Kerberos is an authentication service. It can use
single-factor or multi-factor authentication methods.
The following answers are incorrect:
non-repudiation. Since Kerberos deals primarily with symmetric cryptography, it does not
help with non-repudiation.
confidentiality. Once the client is authenticated by Kerberos and obtains its session key and
ticket, it may use them to assure confidentiality of its communication with a server;
however, that is not a Kerberos service as such.
authorization. Although Kerberos tickets may include some authorization information, the
meaning of the authorization fields is not standardized in the Kerberos specifications, and
authorization is not a primary Kerberos service.
The following reference(s) were/was used to create this question:
ISC2 OIG,2007 p. 179-184
Shon Harris AIO v.3 152-155
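The two Kerberos questions above make three points worth seeing in code: only symmetric keys are involved (there is no public-key database), every principal's secret key lives in the KDC, and what the application server ends up with is an authenticated name rather than a set of permissions. The following is an added toy model, not from the referenced guides and not real Kerberos: the sealing scheme, the string-to-key function, the ticket lifetime and the principal names are all stand-ins chosen for illustration.

```python
"""Added example, not from the CISSP guides: a toy Kerberos-style exchange.
The encrypt-then-MAC 'seal' is a stand-in for the real ciphers."""
import hashlib
import hmac
import json
import os
import time

TICKET_LIFETIME = 600  # seconds; assumed value


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Toy encrypt-then-MAC: nonce || ciphertext || HMAC tag. Illustration only."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    """Raises ValueError if the key is wrong or the blob was tampered with."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("bad key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def string_to_key(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()  # toy string-to-key


class KDC:
    """Authentication Server and Ticket Granting Server sharing one key database.
    Every principal's secret key sits here: lose it and every principal is lost."""

    def __init__(self) -> None:
        self.keys = {"krbtgt": os.urandom(32)}  # the TGS's own long-term key

    def register(self, principal: str, key: bytes) -> None:
        self.keys[principal] = key

    def as_exchange(self, client: str) -> tuple:
        """AS-REP: TGT sealed under krbtgt's key, session key sealed under the
        client's key. Only a holder of the client's key can use the reply."""
        sk = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"],
                   {"client": client, "sk": sk, "exp": time.time() + TICKET_LIFETIME})
        return tgt, seal(self.keys[client], {"sk": sk})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str) -> tuple:
        """TGS-REP: validate TGT and authenticator, then issue a service ticket."""
        t = unseal(self.keys["krbtgt"], tgt)
        if t["exp"] < time.time():
            raise ValueError("TGT expired")
        sk = bytes.fromhex(t["sk"])
        if unseal(sk, authenticator)["client"] != t["client"]:
            raise ValueError("authenticator does not match TGT")
        svc_sk = os.urandom(32).hex()
        ticket = seal(self.keys[service],
                      {"client": t["client"], "sk": svc_sk, "exp": time.time() + TICKET_LIFETIME})
        return ticket, seal(sk, {"sk": svc_sk, "service": service})


def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes) -> str:
    """The application server never talks to the KDC; it trusts the ticket because
    only it and the KDC hold service_key. It learns WHO, not what they may do."""
    t = unseal(service_key, ticket)
    if unseal(bytes.fromhex(t["sk"]), authenticator)["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    return t["client"]


def login_and_access(kdc: KDC, client: str, password: str,
                     service: str, service_key: bytes) -> str:
    """Client side of the three exchanges. A wrong password fails at the first unseal."""
    tgt, enc_part = kdc.as_exchange(client)
    sk = bytes.fromhex(unseal(string_to_key(password), enc_part)["sk"])
    authenticator = seal(sk, {"client": client, "ts": time.time()})
    ticket, enc_part2 = kdc.tgs_exchange(tgt, authenticator, service)
    svc_sk = bytes.fromhex(unseal(sk, enc_part2)["sk"])
    return service_accept(service_key, ticket, seal(svc_sk, {"client": client, "ts": time.time()}))


def demo(password: str):
    """Constructed principals; returns the authenticated name, or None on failure."""
    kdc, fs_key = KDC(), os.urandom(32)
    kdc.register("alice", string_to_key("correct horse battery"))
    kdc.register("host/fileserver", fs_key)
    try:
        return login_and_access(kdc, "alice", password, "host/fileserver", fs_key)
    except ValueError:
        return None
```

Note what the file server gets back from service_accept: a name. Any decision about what "alice" may read or write is left to the service, which is the sense in which Kerberos provides authentication rather than authorization.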
What security model is dependent on security labels?
A.
Discretionary access control
B.
Label-based access control
C.
Mandatory access control
D.
Non-discretionary access control
Mandatory access control
With mandatory access control (MAC), the authorization of a subject's
access to an object is dependent upon labels, which indicate the subject's clearance and
the classification or sensitivity of the object. Label-based access control is not a defined model.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control
systems (page 33).
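As an added example (not from the Prep Guide), the following models a label-based MAC decision: each label is a level plus a set of compartments, a subject may read an object only if its clearance dominates the object's classification, and may write only if the object's classification dominates the clearance (the Bell-LaPadula rules). An owner's discretionary grant is checked too, to show that under MAC it can only narrow access, never widen it. Levels, compartments, principals and the ACL are constructed for illustration.

```python
"""Added example, not from the CISSP Prep Guide: label-based mandatory access
control. Levels, compartments, principals and the ACL are constructed."""
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """Clearance (for a subject) or classification (for an object)."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: at least as high a level AND a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def mac_decision(clearance: Label, classification: Label, op: str) -> bool:
    """Bell-LaPadula: no read up (simple security), no write down (*-property)."""
    if op == "read":
        return clearance.dominates(classification)
    if op == "write":
        return classification.dominates(clearance)
    raise ValueError(f"unknown operation {op!r}")


# Constructed principals and objects.
CLEARANCE = {
    "analyst": Label("SECRET", frozenset({"NUCLEAR"})),
    "clerk": Label("CONFIDENTIAL"),
}
CLASSIFICATION = {
    "budget.xlsx": Label("CONFIDENTIAL"),
    "warhead-spec.pdf": Label("SECRET", frozenset({"NUCLEAR"})),
    "keymat.bin": Label("SECRET", frozenset({"CRYPTO"})),
    "threat-brief.pdf": Label("TOP SECRET", frozenset({"NUCLEAR"})),
}
# Owner-granted (discretionary) permissions. Under MAC these can only narrow access.
ACL = {
    "budget.xlsx": {"analyst": {"read"}, "clerk": {"read", "write"}},
    "keymat.bin": {"analyst": {"read"}},        # owner said yes; the labels say no
    "threat-brief.pdf": {"analyst": {"write"}},  # blind write-up is permitted
}


def decide(subject: str, obj: str, op: str) -> dict:
    """The system decides from labels first; an owner's grant cannot override it."""
    mac = mac_decision(CLEARANCE[subject], CLASSIFICATION[obj], op)
    dac = op in ACL.get(obj, {}).get(subject, set())
    return {"mac": mac, "dac": dac, "allowed": mac and dac}
```

The keymat.bin case is the one to remember: the analyst's SECRET clearance is high enough, but the CRYPTO compartment is missing from it, so the label check fails even though the object's owner granted read access.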
Which of the following choices describes challenge-response token generation?
A.
A workstation or system that generates a random challenge string that the user enters
into the token when prompted along with the proper PIN.
B.
A workstation or system that generates a random login id that the user enters when
prompted along with the proper PIN.
C.
A special hardware device that is used to generate random text in a cryptography
system
D.
The authentication mechanism in the workstation or system does not determine if the owner should be authenticated
A workstation or system that generates a random challenge string that the user enters
into the token when prompted along with the proper PIN.
Challenge-response tokens are:
- A workstation or system generates a random challenge string and the owner enters the
string into the token along with the proper PIN.
- The token generates a response that is then entered into the workstation or system.
- The authentication mechanism in the workstation or system then determines if the owner
should be authenticated.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37.
Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne,
2002, chapter 4: Access Control (pages 136-137).
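The three steps listed above (system issues a random challenge, the token combines it with the PIN to produce a response, the system checks the response) are modelled below as an added example that is not from the referenced guides. The token seed, the user, the PIN, the hex challenge format and the 8-digit response are assumptions for illustration; the point is the flow and the two properties a verifier must enforce: each challenge is answered once, and a response to an old challenge is worthless.

```python
"""Added example, not from the CISSP guides: a software model of a
challenge-response token. Seed, PIN, user name and formats are assumed."""
import hashlib
import hmac
import secrets

RESPONSE_DIGITS = 8


def derive_key(seed: bytes, pin: str) -> bytes:
    """Both sides key the response from seed AND PIN: a stolen token is useless
    without the PIN, and a guessed PIN is useless without the token."""
    return hashlib.sha256(seed + pin.encode()).digest()


def compute_response(key: bytes, challenge: str) -> str:
    """HMAC over the challenge, truncated to a number a user can type."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    value = int.from_bytes(mac[:4], "big") % 10**RESPONSE_DIGITS
    return f"{value:0{RESPONSE_DIGITS}d}"


class Token:
    """Stand-in for the hardware device: holds the seed and never reveals it."""

    def __init__(self, seed: bytes) -> None:
        self._seed = seed

    def respond(self, challenge: str, pin: str) -> str:
        return compute_response(derive_key(self._seed, pin), challenge)


class Verifier:
    """The workstation/system side. Stores only the derived key per user."""

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}
        self._pending: dict[str, str] = {}

    def enroll(self, user: str, seed: bytes, pin: str) -> None:
        self._keys[user] = derive_key(seed, pin)

    def issue_challenge(self, user: str) -> str:
        # Fresh random challenge each time; one outstanding challenge per user.
        self._pending[user] = secrets.token_hex(8)
        return self._pending[user]

    def verify(self, user: str, response: str) -> bool:
        challenge = self._pending.pop(user, None)  # single use: defeats replay
        if challenge is None or user not in self._keys:
            return False
        expected = compute_response(self._keys[user], challenge)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    """Constructed walk-through: good login, replay, wrong PIN, stale challenge."""
    seed = secrets.token_bytes(20)
    token, verifier = Token(seed), Verifier()
    verifier.enroll("alice", seed, "4711")

    c1 = verifier.issue_challenge("alice")
    r1 = token.respond(c1, "4711")
    good = verifier.verify("alice", r1)
    replay = verifier.verify("alice", r1)              # challenge already consumed

    c2 = verifier.issue_challenge("alice")
    wrong_pin = verifier.verify("alice", token.respond(c2, "0000"))

    verifier.issue_challenge("alice")                  # a third challenge is outstanding
    stale = verifier.verify("alice", r1)               # answer to c1, not to the new one
    return {"good": good, "replay": replay, "wrong_pin": wrong_pin, "stale": stale}
```

Because the response depends on a challenge the system just generated, an attacker who records a successful login learns nothing reusable, which is the advantage of this scheme over a static password.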
What is the most critical characteristic of a biometric identifying system?
A.
Perceived intrusiveness
B.
Storage requirements
C.
Accuracy
D.
Scalability
Accuracy
Accuracy is the most critical characteristic of a biometric identifying
verification system.
Accuracy is measured in terms of false rejection rate (FRR, or type I errors) and false
acceptance rate (FAR or type II errors).
The Crossover Error Rate (CER) is the point at which the FRR equals the FAR and has
become the most important measure of biometric system accuracy.
Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management
Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 1, Biometric Identification
(page 9).
Which of the following questions is less likely to help in assessing physical and
environmental protection?
A.
Are entry codes changed periodically?
B.
Are appropriate fire suppression and prevention devices installed and working?
C.
Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or
steal printed or electronic information?
D.
Is physical access to data transmission lines controlled?
Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or
steal printed or electronic information?
Physical security and environmental security are part of operational controls,
and are measures taken to protect systems, buildings, and related supporting
infrastructures against threats associated with their physical environment. All the questions
above are useful in assessing physical and environmental protection except for the one
regarding processes that ensure that unauthorized individuals cannot access information,
which is more of a production control.
Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-
Assessment Guide for Information Technology Systems, November 2001 (Pages A-21 to
A-24).
Which of the following statements pertaining to biometrics is FALSE?
A.
User can be authenticated based on behavior.
B.
User can be authenticated based on unique physical attributes
C.
User can be authenticated by what he knows.
D.
A biometric system's accuracy is determined by its crossover error rate (CER).
User can be authenticated by what he knows.
As this is not a characteristic of biometrics, this is the right choice for this
question. It is one of the three basic ways authentication can be performed and it is not
related to biometrics. Examples of something you know would be a password or a PIN.
Please make a note of the negative 'FALSE' within the question. This question may seem
tricky to some of you but you would be amazed at how many people cannot deal with
negative questions. There will be a few negative questions within the real exam, just like
this one the keyword NOT or FALSE will be in Uppercase to clearly indicate that it is
negative.
Biometrics verifies an individual’s identity by analyzing a unique personal attribute or
behavior, which is one of the most effective and accurate methods of performing
authentication (one to one matching) or identification (a one to many matching).
A biometric system scans an attribute or behavior of a person and compares it to a
template stored within an authentication server database; such a template would be created in
an earlier enrollment process. Because this system inspects the grooves of a person’s
fingerprint, the pattern of someone’s retina, or the pitches of someone’s voice, it has to be
extremely sensitive.
The system must perform accurate and repeatable measurements of anatomical or
physiological characteristics. This type of sensitivity can easily cause false positives or
false negatives. The system must be calibrated so that these false positives and false
negatives occur infrequently and the results are as accurate as possible.
There are two types of failures in biometric identification:
False Rejection, also called False Rejection Rate (FRR) — The system fails to recognize a
legitimate user. While it could be argued that this has the effect of keeping the protected
area extra secure, it is an intolerable frustration to legitimate users who are refused access
because the scanner does not recognize them.
False Acceptance or False Acceptance Rate (FAR) — This is an erroneous recognition,
either by confusing one user with another or by accepting an imposter as a legitimate user.
Physiological Examples:
Unique Physical Attributes:
Fingerprint (Most commonly accepted)
Hand Geometry
Retina Scan (Most accurate but most intrusive)
Iris Scan
Vascular Scan
Behavioral Examples:
Repeated Actions
Keystroke Dynamics
(Dwell time (the time a key is pressed) and Flight time (the time between "key up" and the
next "key down").
Signature Dynamics
(Stroke and pressure points)
EXAM TIP:
Retina scan devices are the most accurate but also the most invasive biometrics system
available today. The continuity of the retinal pattern throughout life and the difficulty in
fooling such a device also make it a great long-term, high-security option. Unfortunately,
the cost of the proprietary hardware as well the stigma of users thinking it is potentially
harmful to the eye makes retinal scanning a bad fit for most situations.
Remember for the exam that fingerprints are the most commonly accepted type of
biometrics system.
The other answers are incorrect:
'User can be authenticated based on behavior.' is incorrect as this choice is TRUE as it
pertains to BIOMETRICS. Biometric systems make use of unique physical characteristics or
behavior of users.
'User can be authenticated based on unique physical attributes.' is also incorrect as this
choice is also TRUE as it pertains to BIOMETRICS.
'A biometric system's accuracy is determined by its crossover error rate (CER)' is also
incorrect as this is TRUE as it also pertains to BIOMETRICS. The CER is the point at which
the false rejection rates and the false acceptance rates are equal. The smaller the value of
the CER, the more accurate the system.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 25353-25356). Auerbach Publications. Kindle
Edition.
and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third
Edition ((ISC)2 Press) (Kindle Locations 25297-25303). Auerbach Publications. Kindle
Edition.
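Both biometric questions above lean on the same three numbers: FRR (type I), FAR (type II) and the crossover error rate where they meet. The following is an added example, not from the referenced handbooks, that computes them from a small set of constructed matching scores (higher score = stronger match; not real measurements). It also shows the operating point a high-security site would actually pick, and what that choice costs legitimate users.

```python
"""Added example, not from the CISSP references: FRR, FAR and crossover error
rate computed from constructed biometric matching scores."""

# Constructed similarity scores (higher = stronger match), not real measurements.
GENUINE = [0.95, 0.92, 0.90, 0.88, 0.85, 0.82, 0.80, 0.78, 0.72, 0.65]   # same person
IMPOSTOR = [0.20, 0.30, 0.40, 0.50, 0.55, 0.60, 0.68, 0.70, 0.75, 0.83]  # different person


def error_rates(threshold: float, genuine=GENUINE, impostor=IMPOSTOR) -> tuple:
    """FRR (type I): genuine attempts scoring below the threshold are rejected.
    FAR (type II): impostor attempts scoring at or above it are accepted."""
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def candidate_thresholds(genuine=GENUINE, impostor=IMPOSTOR) -> list:
    """Every observed score is a place where one of the two rates changes."""
    return sorted(set(genuine) | set(impostor))


def crossover(genuine=GENUINE, impostor=IMPOSTOR) -> tuple:
    """CER: the threshold where FRR and FAR are closest, and the rate there.
    A lower CER means a more accurate system."""
    best = None
    for t in candidate_thresholds(genuine, impostor):
        frr, far = error_rates(t, genuine, impostor)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, (frr + far) / 2)
    _, threshold, cer = best
    return threshold, cer


def threshold_for_max_far(max_far: float, genuine=GENUINE, impostor=IMPOSTOR) -> tuple:
    """High-security operating point: the loosest threshold whose FAR is still
    within max_far (so FRR is as low as that constraint allows). Returns
    (threshold, frr, far); the FRR is the frustration legitimate users pay."""
    for t in candidate_thresholds(genuine, impostor):
        frr, far = error_rates(t, genuine, impostor)
        if far <= max_far:
            return t, frr, far
    return None
```

With the constructed scores, the two curves cross at a threshold of 0.75 with a CER of 0.2; insisting on zero false acceptances pushes the threshold to 0.85 and rejects half of the genuine attempts. Tuning is always this trade: the exam's "most accurate" system is the one whose curves cross lowest, not the one set strictest.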
Password management falls into which control category?
A.
Compensating
B.
Detective
C.
Preventive
D.
Technical
Preventive
Password management is an example of preventive control.
Proper passwords prevent unauthorized users from accessing a system.
There are literally hundreds of different access approaches, control methods, and
technologies, both in the physical world and in the virtual electronic world. Each method
addresses a different type of access control or a specific access need.
For example, access control solutions may incorporate identification and authentication
mechanisms, filters, rules, rights, logging and monitoring, policy, and a plethora of other
controls. However, despite the diversity of access control methods, all access control
systems can be categorized into seven primary categories.
The seven main categories of access control are:
1. Directive: Controls designed to specify acceptable rules of behavior within an
organization
2. Deterrent: Controls designed to discourage people from violating security directives
3. Preventive: Controls implemented to prevent a security incident or information breach
4. Compensating: Controls implemented to substitute for the loss of primary controls and
mitigate risk down to an acceptable level
5. Detective: Controls designed to signal a warning when a security control has been
breached
6. Corrective: Controls implemented to remedy circumstance, mitigate damage, or restore
controls
7. Recovery: Controls implemented to restore conditions to normal after a security incident
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third
Edition ((ISC)2 Press) (Kindle Locations 1156-1176). Auerbach Publications. Kindle Edition.