Page 1543 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

auditing provide accountability.

7. D. Accountability does not include authorization. Accountability requires proper identification and authentication. After authentication, accountability requires logging to support auditing.

8. B. Password history can prevent users from rotating between two passwords. It remembers previously used passwords. Password complexity and password length help ensure that users create strong passwords. Password age ensures that users change their password regularly.
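The four controls named in this answer (history, complexity, length, age) are easy to confuse on the exam, so here is an added example, not from the study guide, that enforces each one in a small password-change routine. The policy values, the `Account` record and the sample passwords are constructed for illustration; previous passwords are kept only as salted PBKDF2 hashes, and a minimum age is included because without it a user can cycle through the history in seconds to get back to a favourite password.

```python
import hashlib
import os
import re
from dataclasses import dataclass, field

# One regex per character class: lowercase, uppercase, digit, symbol.
CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
DAY = 86400  # seconds


@dataclass
class PasswordPolicy:
    min_length: int = 12       # password length
    min_classes: int = 4       # password complexity (character classes required)
    history_depth: int = 5     # password history: how many old hashes are remembered
    max_age_days: int = 90     # maximum password age before a change is forced
    min_age_days: int = 1      # minimum password age (blocks cycling through the history)


@dataclass
class Account:
    # (salt, PBKDF2 digest) pairs for previous passwords, newest last; never plaintext.
    history: list = field(default_factory=list)
    last_changed: float = 0.0  # epoch seconds of the last change; 0 means never set


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def complexity_violations(password: str, policy: PasswordPolicy) -> list:
    """Length and complexity checks; returns a list of human-readable problems."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    classes = sum(1 for pattern in CHARACTER_CLASSES if re.search(pattern, password))
    if classes < policy.min_classes:
        problems.append(f"uses {classes} of {policy.min_classes} required character classes")
    return problems


def in_history(account: Account, password: str, policy: PasswordPolicy) -> bool:
    """Password history check against the most recent history_depth entries."""
    remembered = account.history[-policy.history_depth:]
    return any(_hash(password, salt) == digest for salt, digest in remembered)


def validate_change(account: Account, new_password: str,
                    policy: PasswordPolicy, now: float) -> list:
    """All reasons a change would be refused; an empty list means it is allowed."""
    problems = complexity_violations(new_password, policy)
    if in_history(account, new_password, policy):
        problems.append(f"matches one of the last {policy.history_depth} passwords")
    if account.last_changed and now - account.last_changed < policy.min_age_days * DAY:
        problems.append(f"changed less than {policy.min_age_days} day(s) ago")
    return problems


def apply_change(account: Account, new_password: str,
                 policy: PasswordPolicy, now: float) -> list:
    """Record the new password if the policy allows it; returns the problem list."""
    problems = validate_change(account, new_password, policy, now)
    if not problems:
        salt = os.urandom(16)
        account.history.append((salt, _hash(new_password, salt)))
        del account.history[:-policy.history_depth]   # keep only what the policy needs
        account.last_changed = now
    return problems


def password_expired(account: Account, policy: PasswordPolicy, now: float) -> bool:
    """Maximum password age check."""
    return now - account.last_changed > policy.max_age_days * DAY


if __name__ == "__main__":
    policy, acct, t0 = PasswordPolicy(), Account(), 1_700_000_000
    print(apply_change(acct, "Winter-Camp-2023-Trail!", policy, t0))            # []
    print(apply_change(acct, "Spring-Camp-2024-Trail!", policy, t0 + 2 * DAY))  # []
    # Rotating back to the first password is refused by the history control.
    print(apply_change(acct, "Winter-Camp-2023-Trail!", policy, t0 + 4 * DAY))
```

The history check only ever compares hashes, so the stored history is no more sensitive than the current credential store; the minimum-age rule is what makes the history control effective against a user who would otherwise change the password six times in a row.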


9. B. A passphrase is a long string of characters that is easy to remember, such as IP@$$edTheCISSPEx@m. It is not short and typically includes all four sets of character types. It is strong and complex, making it difficult to crack.

10. A. A Type 2 authentication factor is based on something you have, such as a smartcard or token device. Type 3 authentication is based on something you are and sometimes something you do, which uses physical and behavioral biometric methods. Type 1 authentication is based on something you know, such as passwords or PINs.

11. A. A synchronous token generates and displays onetime passwords, which are synchronized with an authentication server. An asynchronous token uses a challenge-response process to generate the onetime password. Smartcards do not generate onetime passwords, and common access cards are a version of a smartcard that includes a picture of the user.
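The synchronous/asynchronous distinction in this answer comes down to where the changing input to the one-time password comes from: a shared clock, or a challenge the server sends. The following added example, not from the study guide, implements both with HMAC-SHA1 in the style of the HOTP (RFC 4226) and TOTP (RFC 6238) algorithms; the shared secret `b"12345678901234567890"` is the RFC test-vector key, and the challenge-response scheme is a simplified illustration rather than any particular vendor's token protocol.

```python
import hashlib
import hmac
import os
import struct


def _truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation: pick 4 bytes at an offset taken from the last nibble."""
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-based one-time password: HMAC-SHA1 over an 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac, digits)


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """Synchronous token: the counter is derived from the clock both sides share."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: float,
                step: int = 30, window: int = 1) -> bool:
    """Server-side check that tolerates +/- `window` time steps of clock drift."""
    counter = int(unix_time) // step
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-window, window + 1))


def new_challenge() -> bytes:
    """Asynchronous scheme: the server issues a fresh random challenge per login."""
    return os.urandom(8)


def challenge_response(secret: bytes, challenge: bytes, digits: int = 6) -> str:
    """The token's answer depends on the challenge, not on any clock."""
    mac = hmac.new(secret, challenge, hashlib.sha1).digest()
    return _truncate(mac, digits)


def verify_response(secret: bytes, challenge: bytes, response: str) -> bool:
    """Server recomputes the expected answer for the challenge it issued."""
    return hmac.compare_digest(challenge_response(secret, challenge), response)


if __name__ == "__main__":
    secret = b"12345678901234567890"          # RFC 6238 test-vector key
    print("TOTP at t=59:", totp(secret, 59))  # 287082
    chal = new_challenge()
    print("challenge:", chal.hex(), "response:", challenge_response(secret, chal))
```

Because the synchronous code depends only on the secret and the time step, a server must accept a small drift window and must refuse a code that was already used inside that window; the asynchronous scheme needs no clock, but the server must tie each challenge to a single login attempt so an observed response cannot be replayed.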

12. B. Physical biometric methods such as fingerprints and iris scans provide authentication for subjects. An account ID provides identification. A token is something you have, and it creates onetime passwords, but it is not related to physical characteristics. A personal identification number (PIN) is something you know.

13. C. The point at which the biometric false rejection rate and the false acceptance rate are equal is the crossover error rate (CER). It does not indicate that sensitivity is too high or too low. A lower CER indicates a higher-quality biometric device, and a higher CER