CISSP PRACTICE QUESTIONS – 20201110

Effective CISSP Questions

In a biometric-based authentication, the false acceptance rate (FAR) occurs when the authentication system accepts a user whom it should actually have rejected. Which of the following is also known as FAR?
A. True positive
B. False positive
C. True negative
D. False negative

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. False positive. 

I summarized the decisions of the PACS with biometric-based authentication and IDS as the following table. 

False Acceptance Rate (FAR) and False Positive

False acceptance rate (FAR) and false rejection rate (FRR) are two of these.

* FAR occurs when we accept a user whom we should actually have rejected. This type of issue is also referred to as a false positive.

* FRR is the problem of rejecting a legitimate user when we should have accepted him. This type of issue is commonly known outside the world of biometrics as a false negative.

Source: Jason Andress, in The Basics of Information Security (Second Edition), 2014

PACS Decisions (Biometric-based)

Technical testing in biometrics has historically focused on throughput and recognition error rates – the latter of two types: false positives (also called false matches – an incorrect decision that two biometric samples are from the same individual when they are not) and false negatives (also called false non-matches – an incorrect decision that two biometric samples are not from the same individual when they in fact are).

Note #20: Here, NIST’s use of the term “FAR” (False Acceptance Rate) is to be interpreted as the false match rate.

Source: Fundamental issues in biometric performance testing: A modern statistical and philosophical framework for uncertainty assessment (NIST)

IDS Decisions

In terms of the accuracy of an IDS, there are four possible states for each activity observed.

  • A true positive state is when the IDS identifies an activity as an attack and the activity is actually an attack. A true positive is a successful identification of an attack.
  • A true negative state is similar. This is when the IDS identifies an activity as acceptable behavior and the activity is actually acceptable. A true negative is successfully ignoring acceptable behavior. Neither of these states are harmful as the IDS is performing as expected.
  • A false positive state is when the IDS identifies an activity as an attack but the activity is acceptable behavior. A false positive is a false alarm.
  • A false negative state is the most serious and dangerous state. This is when the IDS identifies an activity as acceptable when the activity is actually an attack. That is, a false negative is when the IDS fails to catch an attack. This is the most dangerous state since the security professional has no idea that an attack took place. False positives, on the other hand, are an inconvenience at best and can cause significant issues. However, with the right amount of overhead, false positives can be successfully adjudicated; false negatives cannot.

Source: Intrusion Detection (OWASP)

Biometrics

Biometric matching, such as for fingerprint recognition, facial recognition or iris recognition, is susceptible to type I and type II errors.

Hypothesis: “The input does not identify someone in the searched list of people”

Null hypothesis: “The input does identify someone in the searched list of people”

Type I error (false reject rate): “The true fact is that the person is someone in the searched list but the system concludes that the person is not according to the data.”

Type II error (false match rate): “The true fact is that the person is not someone in the searched list but the system concludes that the person is someone whom we are looking for according to the data.”

The probability of type I errors is called the “false reject rate” (FRR) or false non-match rate (FNMR), while the probability of type II errors is called the “false accept rate” (FAR) or false match rate (FMR).

If the system is designed to rarely match suspects then the probability of type II errors can be called the “false alarm rate”. On the other hand, if the system is used for validation (and acceptance is the norm) then the FAR is a measure of system security, while the FRR measures user inconvenience level.

Source: Wikipedia

Type I and Type II Errors

There are two types of errors as a result of a test procedure:

  • Type I error is the rejection of a true null hypothesis. (aka a “false positive”)
  • Type II error is the failure to reject a false null hypothesis. (aka a “false negative”)

“The null hypothesis is generally assumed to be true until evidence indicates otherwise (similar to the case that a defendant of a jury trial is presumed innocent until proven guilty).” (Wikipedia)
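To tie the three vocabularies together (the four IDS states, the biometric FAR/FRR and FMR/FNMR figures, and the type I/II labels), here is an added Python example; it is not part of the original post or of any of the quoted sources. It constructs a small set of matcher similarity scores labelled genuine or impostor (the scores are made up for illustration), counts the four outcomes at a given acceptance threshold, derives FAR and FRR from those counts, and sweeps the threshold to find where FAR and FRR cross, which is the security-versus-inconvenience trade-off the Wikipedia passage describes. The names `Counts`, `classify`, `far`, `frr`, `equal_error_threshold` and `SAMPLES` are this example's own.

```python
"""Confusion-matrix view of biometric FAR/FRR (added example, not from the post).

Convention used here: the "positive" decision is ACCEPT (the matcher claims the
sample belongs to the enrolled identity).  With that convention:

  genuine accepted  -> true positive   (correct match)
  impostor accepted -> false positive  (false match; counted by FAR / FMR)
  impostor rejected -> true negative   (correct non-match)
  genuine rejected  -> false negative  (false non-match; counted by FRR / FNMR)

In the Wikipedia framing quoted above (null hypothesis: "the input identifies
someone in the list"), a false reject is the type I error and a false match is
the type II error.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Constructed sample data: (similarity score, is_genuine).  Scores are invented;
# genuine attempts cluster high, impostor attempts cluster low, with some overlap.
SAMPLES: List[Tuple[float, bool]] = [
    (0.92, True), (0.88, True), (0.81, True), (0.77, True),
    (0.69, True), (0.60, True), (0.55, True), (0.48, True),
    (0.58, False), (0.52, False), (0.45, False), (0.40, False),
    (0.35, False), (0.30, False), (0.22, False), (0.15, False),
]


@dataclass(frozen=True)
class Counts:
    tp: int  # genuine user accepted
    fp: int  # impostor accepted  (false match)
    tn: int  # impostor rejected
    fn: int  # genuine user rejected (false non-match)


def classify(samples: Iterable[Tuple[float, bool]], threshold: float) -> Counts:
    """Apply an accept-if-score>=threshold rule and tally the four outcomes."""
    tp = fp = tn = fn = 0
    for score, is_genuine in samples:
        accepted = score >= threshold
        if accepted and is_genuine:
            tp += 1
        elif accepted and not is_genuine:
            fp += 1
        elif not accepted and not is_genuine:
            tn += 1
        else:
            fn += 1
    return Counts(tp, fp, tn, fn)


def far(c: Counts) -> float:
    """False acceptance rate: impostor attempts that were accepted."""
    impostors = c.fp + c.tn
    return c.fp / impostors if impostors else 0.0


def frr(c: Counts) -> float:
    """False rejection rate: genuine attempts that were rejected."""
    genuines = c.fn + c.tp
    return c.fn / genuines if genuines else 0.0


def equal_error_threshold(samples: List[Tuple[float, bool]]) -> Tuple[float, float, float]:
    """Sweep every observed score as a threshold and return the one where
    FAR and FRR are closest (the equal error rate point), with both rates.

    Raising the threshold lowers FAR (more secure) but raises FRR (more
    legitimate users turned away); lowering it does the opposite.
    """
    best = None
    for t in sorted({score for score, _ in samples}):
        c = classify(samples, t)
        gap = abs(far(c) - frr(c))
        if best is None or gap < best[0]:
            best = (gap, t, far(c), frr(c))
    _, t, a, r = best
    return t, a, r


if __name__ == "__main__":
    print(f"{'threshold':>9} {'TP':>3} {'FP':>3} {'TN':>3} {'FN':>3} {'FAR':>6} {'FRR':>6}")
    for t in (0.40, 0.50, 0.65):
        c = classify(SAMPLES, t)
        print(f"{t:9.2f} {c.tp:3d} {c.fp:3d} {c.tn:3d} {c.fn:3d} {far(c):6.3f} {frr(c):6.3f}")
    t, a, r = equal_error_threshold(SAMPLES)
    print(f"FAR and FRR cross at threshold {t:.2f}: FAR={a:.3f}, FRR={r:.3f}")
```

Run it and compare the rows: at the low threshold every genuine user gets in but half the impostors do too (FAR high, FRR zero); at the high threshold no impostor is accepted but several genuine users are turned away. Which side to err on depends on whether the system is guarding a door (FAR is the security figure) or screening a watch-list (the same false matches become the "false alarm rate").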

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

In biometric-based authentication, the false acceptance rate (FAR) occurs when the authentication system accepts a user whom it should actually have rejected. Which of the following is a synonym for FAR?
A. True positive
B. False positive
C. True negative
D. False negative
