Topic 1: Access Control
A potential problem related to the physical installation of the Iris Scanner in regards to the
usage of the iris pattern within a biometric system is:
A.
concern that the laser beam may cause eye damage
B.
the iris pattern changes as a person grows older.
C.
there is a relatively high rate of false accepts.
D.
the optical unit must be positioned so that the sun does not shine into the aperture
the optical unit must be positioned so that the sun does not shine into the aperture
Because the optical unit uses a camera and infrared illumination to capture the image,
direct sunlight entering the aperture degrades the capture, so the unit must not be
positioned in direct light of any type. Because the subject does not need to make contact
with the optical reader, the reader is open to its surroundings and ambient light reaches it
directly, which is why placement matters.
Iris recognition is a form of biometrics that is based on the uniqueness of a subject's iris.
A camera-like device records the patterns of the iris, creating what is known as the Iriscode.
It is the unique patterns of the iris that make it one of the most accurate forms of
biometric identification of an individual. Unlike other types of biometrics, the iris rarely
changes over time. Fingerprints can change over time due to scarring and manual labor,
voice patterns can change due to a variety of causes, and hand geometry can change as
well. But barring surgery or an accident it is unusual for an iris to change. The subject has
a high-resolution image taken of their iris and this is then converted to an Iriscode. The
current standard for the Iriscode was developed by John Daugman. When the subject
attempts to authenticate, infrared light is used to capture the iris image, the image is
encoded, and the result is compared to the enrolled Iriscode. If there is a match the
subject's identity is confirmed. The subject does not need to have direct contact with the
optical reader, so it is a less invasive means of authentication than retinal scanning would be.
Reference(s) used for this question:
AIO, 3rd edition, Access Control, p 134.
AIO, 4th edition, Access Control, p 182.
Wikipedia - http://en.wikipedia.org/wiki/Iris_recognition
The following answers are incorrect:
concern that the laser beam may cause eye damage. Iris readers use a camera and infrared illumination, not a laser, so eye damage from a laser beam is not an issue.
the iris pattern changes as a person grows older. The question asked about the physical
installation of the scanner, so this is not the best answer. If the question had been about
long-term problems then it could have been the best choice. Recent research has shown
that irises actually do change over time: http://www.nature.com/news/ageingeyes-hinder-biometric-scans-1.10722
there is a relatively high rate of false accepts. Since the advent of the Iriscode the false
accept rate is very low; in Daugman's published large-scale trials the algorithm produced
no false matches at the recommended decision threshold. This still depends on the quality
of the equipment used, but because of the uniqueness of the iris, iris patterns are distinct
even when comparing identical twins.
For maximum security design, what type of fence is most effective and cost-effective
method (Foot are being used as measurement unit below)?
A.
3' to 4' high
B.
6' to 7' high
C.
8' high and above with strands of barbed wire
D.
Double fencing
Double fencing
The most commonly used fence is the chain linked fence and it is the most
affordable. The standard is a six-foot high fence with two-inch mesh square openings. The
material should consist of nine-gauge vinyl or galvanized metal. Nine-gauge is a typical
fence material installed in residential areas.
Additionally, it is recommended to place barbed wire strands angled out from the top of the
fence at a 45° angle and away from the protected area with three strands running across
the top. This will provide for a seven-foot fence. There are several variations of the use of
“top guards” using V-shaped barbed wire or the use of concertina wire as an enhancement,
which has been a replacement for more traditional three strand barbed wire “top guards.”
The fence should be fastened to rigid metal posts set in concrete every six feet with
additional bracing at the corners and gate openings. The bottom of the fence should be
stabilized against intruders crawling under by attaching posts along the bottom to keep the
fence from being pushed or pulled up from the bottom. If the soil is sandy, the bottom edge
of the fence should be installed below ground level.
For maximum security design, the use of double fencing with rolls of concertina wire
positioned between the two fences is the most effective deterrent and cost-efficient
method. In this design, an intruder is required to use an extensive array of ladders and
equipment to breach the fences.
Most fencing is largely a psychological deterrent and a boundary marker rather than a
barrier, because in most cases such fences can be rather easily penetrated unless added
security measures are taken to enhance the security of the fence. Sensors attached to the
fence to provide electronic monitoring of cutting or scaling the fence can be used.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third
Edition ((ISC)2 Press) (Kindle Locations 24416-24431). Auerbach Publications. Kindle
Edition.
The "vulnerability of a facility" to damage or attack may be assessed by all of the following
except:
A.
Inspection
B.
History of losses
C.
Security controls
D.
security budget
security budget
Source: The CISSP Examination Textbook- Volume 2: Practice by S. Rao
Vallabhaneni
Which integrity model defines a constrained data item, an integrity verification procedure
and a transformation procedure?
A.
The Take-Grant model
B.
The Biba integrity model
C.
The Clark Wilson integrity model
D.
The Bell-LaPadula integrity model
The Clark Wilson integrity model
The Clark Wilson integrity model addresses the three following integrity
goals: 1) data is protected from modification by unauthorized users; 2) data is protected
from unauthorized modification by authorized users; and 3) data is internally and externally
consistent. It also defines a Constrained Data Item (CDI), an Integrity Verification
Procedure (IVP), a Transformation Procedure (TP) and an Unconstrained Data Item (UDI).
Only certified TPs may modify CDIs, and the IVP confirms that the CDIs are in a valid
state. The Bell-LaPadula and Take-Grant models are not integrity models.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security
Architecture and Models (page 205).
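The pieces named above (CDI, UDI, TP, IVP, plus the access triples that bind a user to a TP and a CDI) are easier to see in code. The following is an added illustration, not material from the cited prep guide: a toy Clark-Wilson reference monitor over a bank ledger. The scenario, the account names, the TP names and the invariant checked by the IVP are all assumptions chosen for the demo.

```python
# Added toy Clark-Wilson monitor; the bank-ledger scenario and all names are assumptions.
from dataclasses import dataclass
from typing import Callable

@dataclass
class CDI:
    """Constrained Data Item: changed only through a certified TP."""
    name: str
    balance: int

class IntegrityViolation(Exception):
    pass

class ClarkWilsonMonitor:
    def __init__(self, accounts: list[CDI], ledger: CDI):
        self.cdis = {a.name: a for a in accounts + [ledger]}
        self.ledger = ledger
        self.tps: dict[str, Callable] = {}
        self.cert: set[tuple[str, str]] = set()          # (tp, cdi) certified pairs
        self.triples: set[tuple[str, str, str]] = set()  # (user, tp, cdi) access triples
        self.audit: list[str] = []                       # every successful TP run

    def ivp(self) -> bool:
        """Integrity Verification Procedure: no negative balance, accounts sum to the ledger."""
        accts = [c for c in self.cdis.values() if c is not self.ledger]
        return all(a.balance >= 0 for a in accts) and sum(a.balance for a in accts) == self.ledger.balance

    def certify_tp(self, name: str, fn: Callable, cdi_names: list[str]) -> None:
        self.tps[name] = fn
        self.cert.update((name, c) for c in cdi_names)

    def allow(self, user: str, tp: str, *cdi_names: str) -> None:
        self.triples.update((user, tp, c) for c in cdi_names)

    def run(self, user: str, tp: str, *cdi_names: str, **udi) -> None:
        """Mediate a TP call: check certification and triples, run, re-verify, log."""
        if tp not in self.tps:
            raise PermissionError(f"{tp!r} is not a certified TP")
        for c in cdi_names:
            if (tp, c) not in self.cert:
                raise PermissionError(f"{tp!r} not certified for CDI {c!r}")
            if (user, tp, c) not in self.triples:
                raise PermissionError(f"no access triple ({user}, {tp}, {c})")
        before = {c: self.cdis[c].balance for c in cdi_names}
        try:
            self.tps[tp](*[self.cdis[c] for c in cdi_names], **udi)
            if not self.ivp():
                raise IntegrityViolation(f"{tp!r} left the CDIs inconsistent")
        except Exception:
            for c, b in before.items():   # a TP must carry a valid state to a valid state
                self.cdis[c].balance = b
            raise
        self.audit.append(f"{user} ran {tp} on {cdi_names} with {udi}")

def transfer(src: CDI, dst: CDI, amount: int) -> None:
    src.balance -= amount
    dst.balance += amount

def accept_deposit(dst: CDI, ledger: CDI, request: dict) -> None:
    """TP that validates a UDI (untrusted request) before it may alter CDIs."""
    amount = request.get("amount")
    if not isinstance(amount, int) or amount <= 0:
        raise ValueError("rejected UDI")
    dst.balance += amount
    ledger.balance += amount

def attempt(m: ClarkWilsonMonitor, *args, **kw) -> str:
    """Run a TP through the monitor and report its decision as a string."""
    try:
        m.run(*args, **kw)
        return "allowed"
    except (PermissionError, IntegrityViolation, ValueError) as e:
        return type(e).__name__

def demo() -> dict:
    m = ClarkWilsonMonitor([CDI("alice", 100), CDI("bob", 50)], CDI("ledger", 150))
    m.certify_tp("transfer", transfer, ["alice", "bob"])
    m.certify_tp("accept_deposit", accept_deposit, ["bob", "ledger"])
    m.allow("teller", "transfer", "alice", "bob")
    m.allow("cashier", "accept_deposit", "bob", "ledger")
    out = {
        "transfer": attempt(m, "teller", "transfer", "alice", "bob", amount=30),
        "intern": attempt(m, "intern", "transfer", "alice", "bob", amount=1),
        "overdraft": attempt(m, "teller", "transfer", "alice", "bob", amount=500),
        "deposit": attempt(m, "cashier", "accept_deposit", "bob", "ledger", request={"amount": 20}),
        "bad_udi": attempt(m, "cashier", "accept_deposit", "bob", "ledger", request={"amount": "20"}),
    }
    out["final"] = (m.cdis["alice"].balance, m.cdis["bob"].balance, m.ledger.balance)
    out["ivp"] = m.ivp()
    out["audit_entries"] = len(m.audit)
    return out

if __name__ == "__main__":
    print(demo())
```

The monitor enforces the model's two enforcement ideas directly: a CDI is touched only by a TP certified for it, and only by a user holding the matching (user, TP, CDI) triple. The IVP is re-run after every TP, so a TP that would break the invariant (the overdraft) is rolled back, and a UDI reaches a CDI only after the TP has validated it.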
Which of the following Kerberos components holds all users' and services' cryptographic
keys?
A.
The Key Distribution Service
B.
The Authentication Service
C.
The Key Distribution Center
D.
The Key Granting Service
The Key Distribution Center
The Key Distribution Center (KDC) holds all users' and services'
cryptographic keys. It provides authentication services, as well as key distribution
functionality. The Authentication Service is the part of the KDC that authenticates a
principal. The Key Distribution Service and Key Granting Service are distracters and are
not defined Kerberos components.
Source: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#1 Access Control
System & Methodology (page 3)
Controls to keep password sniffing attacks from compromising computer systems include
which of the following?
A.
static and recurring passwords.
B.
encryption and recurring passwords.
C.
one-time passwords and encryption.
D.
static and one-time passwords
one-time passwords and encryption.
To minimize the chance of passwords being captured, one-time passwords defeat a
password sniffing attack because a captured value is no longer valid once it has been used.
Encrypting the authentication exchange also minimizes these types of attacks, since the
sniffer sees ciphertext rather than the password.
The following answers are incorrect:
static and recurring passwords. This is incorrect because without encryption someone
sniffing the network can capture the password easily, and a static password never
changes, so the captured value stays valid.
encryption and recurring passwords. This is incorrect because while encryption helps,
recurring passwords do nothing to minimize the risk of passwords being captured.
static and one-time passwords. This is incorrect because while one-time passwords will
prevent these types of attacks, static passwords do nothing to minimize the risk of
passwords being captured.
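The replay argument above is concrete enough to run. The following added example (not from the cited source) implements RFC 4226 HOTP with a server-side counter window and sets it beside a static password check, so the effect of sniffing one value off the wire can be compared for both. The HMAC secret is the RFC 4226 Appendix D test-vector secret; the "hunter2" static password and the look-ahead window of five counters are assumptions chosen for the demo.

```python
# Added example: RFC 4226 HOTP versus a static password under a sniff-and-replay attack.
# The secret is the RFC 4226 test-vector secret; the static password and window are assumed.
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP(K, C): HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class HotpVerifier:
    """Server side: remembers the next expected counter so each value is accepted at most once."""

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self.secret = secret
        self.next_counter = 0
        self.look_ahead = look_ahead   # tolerate a few unused presses on the token

    def verify(self, candidate: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), candidate):
                self.next_counter = c + 1  # this and every earlier counter is now dead
                return True
        return False


class StaticPasswordVerifier:
    """The comparison case: a sniffed static password stays valid until it is changed."""

    def __init__(self, password: str):
        self.password = password

    def verify(self, candidate: str) -> bool:
        return hmac.compare_digest(self.password, candidate)


def demo() -> dict:
    secret = b"12345678901234567890"           # RFC 4226 Appendix D test secret
    otp_server = HotpVerifier(secret)
    sniffed_otp = hotp(secret, 0)              # attacker captures the first value on the wire
    static_server = StaticPasswordVerifier("hunter2")
    sniffed_pw = "hunter2"                     # attacker captures the static password
    return {
        "otp_first_use": otp_server.verify(sniffed_otp),
        "otp_replay": otp_server.verify(sniffed_otp),             # replay of the captured value
        "otp_next_value": otp_server.verify(hotp(secret, 1)),
        "otp_skipped_ahead": otp_server.verify(hotp(secret, 4)),  # inside the look-ahead window
        "otp_old_value": otp_server.verify(hotp(secret, 3)),      # now behind the window
        "static_first_use": static_server.verify(sniffed_pw),
        "static_replay": static_server.verify(sniffed_pw),
    }


if __name__ == "__main__":
    print(demo())
```

The counter window is what makes the scheme one-time: once counter 4 is accepted, the server will never accept counters 0 to 4 again, so a sniffer who captured any of them gets nothing. Encryption is still worthwhile alongside OTP, because a one-time value captured before the legitimate client's request reaches the server could be raced in first.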
Which of the following access control models introduces user security clearance and data
classification?
A.
Role-based access control
B.
Discretionary access control
C.
Non-discretionary access control
D.
Mandatory access control
Mandatory access control
The mandatory access control model is based on a security label system.
Users are given a security clearance and data is classified. The classification is stored in
the security labels of the resources. Classification labels specify the level of trust a user
must have to access a certain file.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-
Hill/Osborne, 2002, Chapter 4: Access Control (Page 154).
In the context of access control, locks, gates, guards are examples of which of the
following?
A.
Administrative controls
B.
Technical controls
C.
Physical controls
D.
Logical controls
Physical controls
Administrative, technical and physical controls are categories of access
control mechanisms.
Logical and Technical controls are synonymous. So both of them could be eliminated as
possible choices.
Physical Controls: These are controls to protect the organization’s people and physical
environment, such as locks, gates, and guards. Physical controls may be called
“operational controls” in some contexts.
Physical security covers a broad spectrum of controls to protect the physical assets
(primarily the people) in an organization. Physical Controls are sometimes referred to as
“operational” controls in some risk management frameworks. These controls range from doors, locks, and windows to environment controls, construction standards, and guards.
Typically, physical security is based on the notion of establishing security zones or
concentric areas within a facility that require increased security as you get closer to the
valuable assets inside the facility. Security zones are the physical representation of the
defense-in-depth principle discussed earlier in this chapter. Typically, security zones are
associated with rooms, offices, floors, or smaller elements, such as a cabinet or storage
locker. The design of the physical security controls within the facility must take into account
the protection of the asset as well as the individuals working in that area.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third
Edition ((ISC)2 Press) (Kindle Locations 1301-1303). Auerbach Publications. Kindle
Edition.
and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third
Edition ((ISC)2 Press) (Kindle Locations 1312-1318). Auerbach Publications. Kindle
Edition.
Which of the following is NOT a factor related to Access Control?
A.
integrity
B.
authenticity
C.
confidentiality
D.
availability
authenticity
These factors cover the integrity, confidentiality, and availability components
of information system security.
Integrity is important in access control as it relates to ensuring only authorized subjects can
make changes to objects.
Authenticity is different from authentication. Authenticity pertains to something being
genuine and does not have a direct correlation to access control.
Confidentiality is pertinent to access control in that access to sensitive information is
controlled to protect confidentiality.
Availability is protected by access controls in that if an attacker attempts to disrupt
availability they would first need access.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 49.
What is the difference between Access Control Lists (ACLs) and Capability Tables?
A.
Access control lists are related/attached to a subject whereas capability tables are
related/attached to an object.
B.
Access control lists are related/attached to an object whereas capability tables are
related/attached to a subject
C.
Capability tables are used for objects whereas access control lists are used for users.
D.
They are basically the same.
Access control lists are related/attached to an object whereas capability tables are
related/attached to a subject
Capability tables are used to track, manage and apply controls based on the
object and the rights, or capabilities, of a subject. For example, a table identifies the object,
specifies the access rights allowed for a subject, and permits access based on the subject's
possession of a capability (or ticket) for the object. It is a row within the access matrix.
To put it another way, a capability table is different from an ACL because the subject is
bound to the capability table, whereas the object is bound to the ACL.
CLEMENT NOTE:
If we wish to express this very simply: Capabilities are attached to a subject and describe
what access the subject has to each of the objects on the row that matches the subject
within the matrix. It is a row within the matrix.
ACLs are attached to objects and describe who has access to the object and what type of
access they have. It is a column within the matrix.
The following are incorrect answers:
"Access control lists are subject-based whereas capability tables are object-based" is
incorrect.
"Capability tables are used for objects whereas access control lists are used for users" is
incorrect.
"They are basically the same" is incorrect.
References used for this question:
CBK, pp. 191 - 192
AIO3 p. 169
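The row-versus-column distinction, and the "possession of a ticket" idea, can be shown on a small access matrix. The following is an added example written for this page, not code from either cited reference. The subjects, objects and rights in the matrix are constructed, and the HMAC ticket key is a demo constant; the ticket scheme is one way of making a capability unforgeable, not the only one.

```python
# Added example: one access matrix sliced into ACLs (columns) and capability lists (rows).
# Subjects, objects, rights and the ticket key are all constructed for the demo.
import hashlib
import hmac

# Constructed access matrix: rows are subjects, columns are objects.
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "audit.log": {"read"}},
    "bob":   {"payroll.db": {"read"}},
    "carol": {"audit.log": {"read", "write"}},
}


def capability_list(subject: str) -> dict[str, set[str]]:
    """A row of the matrix: everything this subject may do, kept with the subject."""
    return {obj: set(rights) for obj, rights in MATRIX.get(subject, {}).items()}


def acl(obj: str) -> dict[str, set[str]]:
    """A column of the matrix: who may do what to this object, kept with the object."""
    return {s: set(row[obj]) for s, row in MATRIX.items() if obj in row}


def check_acl(subject: str, obj: str, right: str) -> bool:
    """ACL decision: the object's list is consulted when the subject presents itself."""
    return right in acl(obj).get(subject, set())


# A capability must be unforgeable. Here a ticket is (subject, object, rights) plus an HMAC
# under a key only the issuing system holds (TICKET_KEY is a constructed demo value).
TICKET_KEY = b"demo-ticket-key"


def _tag(subject: str, obj: str, rights: str) -> str:
    msg = f"{subject}|{obj}|{rights}".encode()
    return hmac.new(TICKET_KEY, msg, hashlib.sha256).hexdigest()


def issue_ticket(subject: str, obj: str) -> tuple[str, str, str, str]:
    """Hand the subject a capability for one object, derived from its matrix row."""
    rights = ",".join(sorted(capability_list(subject).get(obj, set())))
    return (subject, obj, rights, _tag(subject, obj, rights))


def check_ticket(ticket: tuple[str, str, str, str], obj: str, right: str) -> bool:
    """Capability decision: no lookup by subject, only verification of what is presented."""
    subject, tobj, rights, tag = ticket
    if not hmac.compare_digest(tag, _tag(subject, tobj, rights)):
        return False                       # tampered or forged ticket
    return tobj == obj and right in rights.split(",")


def demo() -> dict:
    out = {
        "alice_caps": capability_list("alice"),
        "payroll_acl": acl("payroll.db"),
        "bob_write_via_acl": check_acl("bob", "payroll.db", "write"),
    }
    t = issue_ticket("bob", "payroll.db")
    out["bob_read_via_ticket"] = check_ticket(t, "payroll.db", "read")
    forged = (t[0], t[1], "read,write", t[3])           # bob edits his own ticket
    out["forged_ticket"] = check_ticket(forged, "payroll.db", "write")
    out["ticket_wrong_object"] = check_ticket(t, "audit.log", "read")
    return out


if __name__ == "__main__":
    print(demo())
```

The practical difference shows up in revocation: removing every right a subject has means deleting one row (easy with capability lists, a scan of every ACL otherwise), while listing everyone who can touch an object means reading one column (easy with ACLs, a scan of every capability list otherwise).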
Which of the following access control models is based on sensitivity labels?
A.
Discretionary access control
B.
Mandatory access control
C.
Rule-based access control
D.
Role-based access control
Mandatory access control
Access decisions are made based on the clearance of the subject and the
sensitivity label of the object.
Example: Eve has a "Secret" security clearance and is able to access the "Mugwump
Missile Design Profile" because its sensitivity label is "Secret." She is denied access to the
"Presidential Toilet Tissue Formula" because its sensitivity label is "Top Secret."
The other answers are not correct because:
Discretionary Access Control is incorrect because in DAC access to data is determined by
the data owner. For example, Joe owns the "Secret Chili Recipe" and grants read access
to Charles.
Role Based Access Control is incorrect because in RBAC access decisions are made
based on the role held by the user. For example, Jane has the role "Auditor" and that role
includes read permission on the "System Audit Log."
Rule Based Access Control is incorrect because it is a form of MAC. A good example
would be a Firewall where rules are defined and apply to anyone connecting through the
firewall.
References:
All in One third edition, page 164.
Official ISC2 Guide page 187.
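Both MAC questions above (the one on clearances and classifications, and this one on sensitivity labels) describe the same decision: compare the subject's clearance with the object's label. The following added example, written for this page rather than taken from either reference, implements that comparison as a label lattice. It goes beyond the text's level-only example in two ways that are standard in MAC systems: labels carry compartments as well as a level, and the write direction is checked too (the Bell-LaPadula "no write down" rule). The level ordering, the compartment names and the document titles beyond the two used above are constructed.

```python
# Added example: MAC decisions from label dominance. Levels, compartments and the
# extra documents are constructed; Eve and the two titles come from the question.
from dataclasses import dataclass

# Ordered sensitivity levels (constructed ordering for the demo).
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: level at least as high AND a superset of compartments."""
        return LEVELS[self.level] >= LEVELS[other.level] and other.compartments <= self.compartments


def can_read(clearance: Label, sensitivity: Label) -> bool:
    """Simple security property: a subject may read only objects its clearance dominates."""
    return clearance.dominates(sensitivity)


def can_write(clearance: Label, sensitivity: Label) -> bool:
    """*-property: a subject may write only to objects that dominate its clearance (no write down)."""
    return sensitivity.dominates(clearance)


def decide(clearance: Label, sensitivity: Label, mode: str) -> str:
    ok = can_read(clearance, sensitivity) if mode == "read" else can_write(clearance, sensitivity)
    return "GRANT" if ok else "DENY"


def demo() -> dict:
    eve = Label("Secret", frozenset({"MISSILE"}))
    docs = {
        "Mugwump Missile Design Profile": Label("Secret", frozenset({"MISSILE"})),
        "Presidential Toilet Tissue Formula": Label("Top Secret"),
        "Cafeteria Menu": Label("Unclassified"),
        "Warhead Yield Tables": Label("Secret", frozenset({"MISSILE", "NUCLEAR"})),
    }
    # For each document: (read decision, write decision) for Eve.
    return {name: (decide(eve, lab, "read"), decide(eve, lab, "write")) for name, lab in docs.items()}


if __name__ == "__main__":
    for name, (r, w) in demo().items():
        print(f"{name:36s} read={r:5s} write={w}")
```

Two of the results show what the level-only description hides: Eve cannot read the "Warhead Yield Tables" even though they are only Secret, because she lacks the NUCLEAR compartment, and she cannot write to the Unclassified menu at all, because that would be a write down. The owner of the object has no say in any of this, which is what separates MAC from DAC.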
Which of the following is most appropriate to notify an external user that session monitoring
is being conducted?
A.
Logon Banners
B.
Wall poster
C.
Employee Handbook
D.
Written agreement
Logon Banners
Banners displayed at logon time should be used to notify external users of any
monitoring that is being conducted. A good banner gives you better legal standing and
also makes it obvious that the user was warned about who may access the system, so an
unauthorized user is fully aware that they are trespassing.
This is a tricky question, the keyword in the question is External user.
There are two possible answers based on how the question is presented, this question
could either apply to internal users or ANY anonymous user.
Internal users should always have a written agreement first, with logon banners serving as a
constant reminder. Anonymous users, such as those logging into a web site, FTP server or
even a mail server, can only be notified through a logon banner.
References used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, 2001, John Wiley & Sons, Page 50.
and
Shon Harris, CISSP All-in-one, 5th edition, pg 873