CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISC
  5. SSCP

Free SSCP Exam Braindumps (page: 22)

Page 21 of 269
PDF with 1074 Questions

Which of the following choices describe a Challenge-response tokens generation?

  1. A workstation or system that generates a random challenge string that the user enters into the token when prompted along with the proper PIN.
  2. A workstation or system that generates a random login id that the user enters when prompted along with the proper PIN.
  3. A special hardware device that is used to generate ramdom text in a cryptography system.
  4. The authentication mechanism in the workstation or system does not determine if the owner should be authenticated.

Answer(s): A

Explanation:

Challenge-response tokens are:
- A workstation or system generates a random challenge string and the owner enters the string into the token along with the proper PIN.
- The token generates a response that is then entered into the workstation or system.
- The authentication mechanism in the workstation or system then determines if the owner should be authenticated.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 136-137).



What is called an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics?

  1. Biometrics
  2. Micrometrics
  3. Macrometrics
  4. MicroBiometrics

Answer(s): A

Explanation:

Biometrics; Biometrics are defined as an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Pages 37,38.



In biometrics, "one-to-many" search against database of stored biometric images is done in:

  1. Authentication
  2. Identification
  3. Identities
  4. Identity-based access control

Answer(s): B

Explanation:

In biometrics, identification is a "one-to-many" search of an individual's characteristics from a database of stored images.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 38.



In biometrics, the "one-to-one" search used to verify claim to an identity made by a person is considered:

  1. Authentication
  2. Identification
  3. Auditing
  4. Authorization

Answer(s): A

Explanation:

Biometric devices can be use for either IDENTIFICATION or AUTHENTICATION ONE TO ONE is for AUTHENTICATION
This means that you as a user would provide some biometric credential such as your fingerprint. Then they will compare the template that you have provided with the one stored in the Database. If the two are exactly the same that prove that you are who you pretend to be.
ONE TO MANY is for IDENTIFICATION
A good example of this would be within airport. Many airports today have facial recognition cameras, as you walk through the airport it will take a picture of your face and then compare the template (your face) with a database full of templates and see if there is a match between your template and the ones stored in the Database. This is for IDENTIFICATION of a person.
Some additional clarification or comments that might be helpful are: Biometrics establish authentication using specific information and comparing results to expected data. It does not perform well for identification purposes such as scanning for a person's face in a moving crowd for example.
Identification methods could include: username, user ID, account number, PIN, certificate, token, smart card, biometric device or badge.
Auditing is a process of logging or tracking what was done after the identity and authentication process is completed.
Authorization is the rights the subject is given and is performed after the identity is established.
Reference OIG (2007) p148, 167
Authentication in biometrics is a "one-to-one" search to verify claim to an identity made by a person.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 38.






Post your Comments and Discuss ISC SSCP exam with other Community members:

SSCP Discussions & Posts