CISSP PRACTICE QUESTIONS – 20191207

Effective CISSP Questions

Your company implemented a new fingerprint access control system. It seemingly does not work properly as you and many employees are sometimes rejected out of the door and the recognition speed is annoying. Which of the following is the best to address this issue?
A. Increase the False Rejection Rate (FRR)
B. Decrease the False Acceptance Rate (FAR)
C. Implement one-to-one authentication
D. Lower Equal Error Rate (EER)


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Implement one-to-one authentication.

 

 

Biometric technologies can be used for identification (one-to-many or 1:M) and authentication (one-to-one or 1:1).

  • Identification is the process of comparing the subject’s template of biometric features against all the templates stored in the model repository.
  • Authentication is the process of comparing the biometric template with the ONE stored in the model repository by asking the subject to swipe his or her smart card or input employee ID. The authentication performance is much better than identification.

A high False Rejection Rate (FRR) means high security and low convenience while a high False Acceptance Rate (FAR) means high convenience and low security.

  • Either increasing the False Rejection Rate (FRR) or decreasing the False Acceptance Rate (FAR) raises the level of security. It gets the situation worse; more employees will be locked out from the door.
  • Moreover, modifying the sensitivity of the fingerprint scanner to alter the FRR or FAR won’t improve the annoying recognition speed either.

Error Rate (EER) is the error rate at which FAR equals FRR.

  • Lower Equal Error Rate (EER), also known as Crossover Error Rate (CER), is a comparison metric for different biometric devices and technologies.
  • The lower the CER, the more accurate and reliable the biometric device. It’s an informational item when you are making purchasing decisions. Different biometric devices and technologies can be compared against EER or CER.

References

Leave a Reply