Topic 1: Access Control
Which of the following is NOT an advantage that TACACS+ has over TACACS?
A. Event logging
B. Use of two-factor password authentication
C. User has the ability to change his password
D. Ability for security tokens to be resynchronized
Event logging
Although TACACS+ provides better audit trails, event logging is a service
that is provided with TACACS.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3:
Telecommunications and Network Security (page 121).
Organizations should consider which of the following first before allowing external access
to their LANs via the Internet?
A. plan for implementing workstation locking mechanisms.
B. plan for protecting the modem pool.
C. plan for providing the user with his account usage information.
D. plan for considering proper authentication options.
D. plan for considering proper authentication options.
Before a LAN is connected to the Internet, you need to determine what access control
mechanisms are to be used; this includes how you are going to authenticate individuals
who may access your network externally.
The following answers are incorrect:
plan for implementing workstation locking mechanisms. This is incorrect because locking
the workstations has no impact on the LAN or Internet access.
plan for protecting the modem pool. This is incorrect because protecting the modem pool
has no impact on the LAN or Internet access; it just protects the modem.
plan for providing the user with his account usage information. This is incorrect because
the question asks what should be done first. While important, your primary concern should
be focused on security.
What physical characteristic does a retinal scan biometric device measure?
A. The amount of light reaching the retina
B. The amount of light reflected by the retina
C. The pattern of light receptors at the back of the eye
D. The pattern of blood vessels at the back of the eye
The pattern of blood vessels at the back of the eye
The retina, a thin nerve (1/50th of an inch) on the back of the eye, is the part
of the eye which senses light and transmits impulses through the optic nerve to the brain -
the equivalent of film in a camera. Blood vessels used for biometric identification are
located along the neural retina, the outermost of retina's four cell layers.
The following answers are incorrect:
The amount of light reaching the retina: the amount of light reaching the retina is not used
in the biometric scan of the retina.
The amount of light reflected by the retina: the amount of light reflected by the retina is not
used in the biometric scan of the retina.
The pattern of light receptors at the back of the eye: this is a distractor.
The following reference(s) were/was used to create this question:
Reference: Retina Scan Technology ISC2 Official Guide to the CBK, 2007 (Page 161)
Which of the following divisions is defined in the TCSEC (Orange Book) as minimal
protection?
A. Division D
B. Division C
C. Division B
D. Division A
Division D
The criteria are divided into four divisions: D, C, B, and A ordered in a
hierarchical manner with the highest division (A) being reserved for systems providing the
most comprehensive security.
Each division represents a major improvement in the overall confidence one can place in
the system for the protection of sensitive information.
Within divisions C and B there are a number of subdivisions known as classes. The classes
are also ordered in a hierarchical manner with systems representative of division C and
lower classes of division B being characterized by the set of computer security
mechanisms that they possess.
Assurance of correct and complete design and implementation for these systems is gained
mostly through testing of the security-relevant portions of the system. The security-relevant
portions of a system are referred to throughout this document as the Trusted Computing
Base (TCB). Systems representative of higher classes in division B and division A derive their security
attributes more from their design and implementation structure. Increased assurance that
the required features are operative, correct, and tamperproof under all circumstances is
gained through progressively more rigorous analysis during the design process.
TCSEC provides a classification system that is divided into hierarchical divisions of
assurance levels:
Division D - minimal security
Division C - discretionary protection
Division B - mandatory protection
Division A - verified protection
Reference: page 358 AIO V.5 Shon Harris
also
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, page 197.
Also:
THE source for all TCSEC "level" questions:
http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt
What Orange Book security rating is reserved for systems that have been evaluated but fail
to meet the criteria and requirements of the higher divisions?
A. A
B. D
C. E
D. F
D
D or "minimal protection" is reserved for systems that were evaluated under
the TCSEC but did not meet the requirements for a higher trust level.
A is incorrect. A or "Verified Protection" is the highest trust level under the TCSEC.
E is incorrect. The trust levels are A - D so "E" is not a valid trust level.
F is incorrect. The trust levels are A - D so "F" is not a valid trust level.
CBK, pp. 329 - 330
AIO3, pp. 302 - 306
In which of the following models are subjects and objects identified and the permissions
applied to each subject/object combination specified? Such a model can be used to
quickly summarize what permissions a subject has for various system objects.
A. Access Control Matrix model
B. Take-Grant model
C. Bell-LaPadula model
D. Biba model
Access Control Matrix model
An access control matrix is a table of subjects and objects indicating what
actions individual subjects can take upon individual objects. Matrices are data structures
that programmers implement as table lookups that will be used and enforced by the
operating system.
This type of access control is usually an attribute of DAC models. The access rights can be
assigned directly to the subjects (capabilities) or to the objects (ACLs).
Capability Table
A capability table specifies the access rights a certain subject possesses pertaining to
specific objects. A capability table is different from an ACL because the subject is bound to
the capability table, whereas the object is bound to the ACL.
Access control lists (ACLs)
ACLs are used in several operating systems, applications, and router configurations. They
are lists of subjects that are authorized to access a specific object, and they define what
level of authorization is granted. Authorization can be specific to an individual, group, or
role. ACLs map values from the access control matrix to the object.
Whereas a capability corresponds to a row in the access control matrix, the ACL
corresponds to a column of the matrix.
NOTE: Ensure you are familiar with the terms Capability and ACLs for the purpose of the
exam.
Resource(s) used for this question:
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations
5264-5267). McGraw-Hill. Kindle Edition.
or
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition, Page 229 and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third
Edition ((ISC)2 Press) (Kindle Locations 1923-1925). Auerbach Publications. Kindle
Edition.
The end result of implementing the principle of least privilege means which of the
following?
A. Users would get access to only the info for which they have a need to know
B. Users can access all systems.
C. Users get new privileges added when they change positions.
D. Authorization creep.
Users would get access to only the info for which they have a need to know
The principle of least privilege refers to allowing users to have only the
access they need and not anything more. Thus, certain users may have no need to access
any of the files on specific systems.
The following answers are incorrect:
Users can access all systems. Although the principle of least privilege limits what access
and systems users have authorization to, not all users would have a need to know to
access all of the systems. The best answer is still "Users would get access to only the info
for which they have a need to know", as some of the users may not have a need to access a
system.
Users get new privileges when they change positions. Although true that a user may
indeed require new privileges, this is not a given fact and in actuality a user may require
less privileges for a new position. The principle of least privilege would require that the
rights required for the position be closely evaluated and where possible rights revoked.
Authorization creep. Authorization creep occurs when users are given additional rights with
new positions and responsibilities. The principle of least privilege should actually prevent
authorization creep.
The following reference(s) were/was used to create this question:
ISC2 OIG 2007 p.101,123
Shon Harris AIO v3 p148, 902-903
Which of the following biometric devices has the lowest user acceptance level?
A. Retina Scan
B. Fingerprint scan
C. Hand geometry
D. Signature recognition
Retina Scan
According to the cited reference, of the given options, the retina scan has
the lowest user acceptance level because the user must bring his eye close to the
device; it is not user friendly and is very intrusive.
However, retina scan is the most precise, with about one error per 10 million uses.
The two tables referenced below (Biometric Comparison Chart and Biometric Aspect
Descriptions) are available at
https://sites.google.com/site/biometricsecuritysolutions/crossover-accuracy .
[Table: Biometric Comparison Chart]
[Table: Biometric Aspect Descriptions]
Reference(s) used for this question:
RHODES, Keith A., Chief Technologist, United States General Accounting Office, National
Preparedness, Technologies to Secure Federal Buildings, April 2002 (page 10).
and
https://sites.google.com/site/biometricsecuritysolutions/crossover-accuracy
When a biometric system is used, which error type deals with the possibility of GRANTING
access to impostors who should be REJECTED?
A. Type I error
B. Type II error
C. Type III error
D. Crossover error
Type II error
When the biometric system accepts impostors who should have been
rejected, it is called a Type II error or False Acceptance Rate or False Accept Rate.
Biometrics verifies an individual’s identity by analyzing a unique personal attribute or
behavior, which is one of the most effective and accurate methods of verifying
identification.
Biometrics is a very sophisticated technology; thus, it is much more expensive and complex
than the other types of identity verification processes. A biometric system can make
authentication decisions based on an individual’s behavior, as in signature dynamics, but
these can change over time and possibly be forged.
Biometric systems that base authentication decisions on physical attributes (iris, retina,
fingerprint) provide more accuracy, because physical attributes typically don’t change
much, absent some disfiguring injury, and are harder to impersonate.
When a biometric system rejects an authorized individual, it is called a Type I error (False
Rejection Rate (FRR) or False Reject Rate (FRR)).
When the system accepts impostors who should be rejected, it is called a Type II error
(False Acceptance Rate (FAR) or False Accept Rate (FAR)). Type II errors are the most
dangerous and thus the most important to avoid.
The goal is to obtain low numbers for each type of error, but when comparing different
biometric systems, many different variables are used; one of the most important metrics
is the crossover error rate (CER).
The accuracy of any biometric method is measured in terms of False Acceptance Rate
(FAR) and False Rejection Rate (FRR). Both are expressed as percentages. The FAR is
the rate at which attempts by unauthorized users are incorrectly accepted as valid. The
FRR is just the opposite. It measures the rate at which authorized users are denied access.
The relationship between FRR (Type I) and FAR (Type II) is depicted in the graphic below.
As one rate increases, the other decreases. The Cross-over Error Rate (CER) is
sometimes considered a good indicator of the overall accuracy of a biometric system. This
is the point at which the FRR and the FAR have the same value. Solutions with a lower
CER are typically more accurate.
See the graphic below from Biometria showing this relationship. The Cross-over Error Rate
(CER) is also called the Equal Error Rate (EER); the two are synonymous.
[Figure: Cross Over Error Rate]
The other answers are incorrect:
Type I error is also called the False Rejection Rate, where a valid user is rejected by the
system.
Type III error: there is no such error type in biometric systems.
Crossover error rate, stated as a percentage, represents the point at which the false rejection
rate equals the false acceptance rate.
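As an added Python example (not from the cited references), the following sweeps an accept threshold over constructed genuine and impostor match scores, reports FRR (Type I) and FAR (Type II) at each threshold, and locates the crossover point where the two rates are equal; the score values are made up for illustration.

```python
# Added example: FRR (Type I), FAR (Type II) and the crossover error rate.
# Not from the cited references; match scores below are constructed sample data.
# Convention: a higher score means a closer match between the live sample and
# the enrolled template, and the system ACCEPTS when score >= threshold.

# Constructed scores from the genuine (enrolled) user's attempts ...
GENUINE = [0.91, 0.88, 0.84, 0.79, 0.72, 0.69, 0.65, 0.58]
# ... and from impostor attempts. The two distributions overlap near 0.6.
IMPOSTOR = [0.61, 0.55, 0.52, 0.47, 0.44, 0.38, 0.31, 0.22]


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FRR, FAR) as fractions for one accept threshold.

    FRR (Type I, false reject): genuine attempts with score < threshold.
    FAR (Type II, false accept): impostor attempts with score >= threshold.
    """
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return frr, far


def crossover_error_rate(genuine=GENUINE, impostor=IMPOSTOR, steps=100):
    """Sweep thresholds from 0 to 1 and return (threshold, CER).

    CER (also called EER) is the common value of FRR and FAR where the two
    curves meet; the first threshold with the smallest |FRR - FAR| is chosen.
    """
    best = None
    for i in range(steps + 1):
        t = i / steps
        frr, far = error_rates(t, genuine, impostor)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, (frr + far) / 2)
    _, threshold, cer = best
    return threshold, cer


if __name__ == "__main__":
    # Raising the threshold drives FAR (the dangerous Type II error) down
    # while FRR climbs: the trade-off the CER summarises in one number.
    for t in (0.50, 0.60, 0.70, 0.80):
        frr, far = error_rates(t)
        print(f"threshold {t:.2f}: FRR {frr:.3f}  FAR {far:.3f}")
    print("crossover at threshold %.2f, CER %.3f" % crossover_error_rate())
```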
What can be defined as a table of subjects and objects indicating what actions individual
subjects can take upon individual objects?
A. A capacity table
B. An access control list
C. An access control matrix
D. A capability table
An access control matrix
The matrix lists the users, groups and roles down the left side and the
resources and functions across the top. The cells of the matrix can either indicate that
access is allowed or indicate the type of access. CBK pp. 317-318.
AIO3, p. 169 describes it as a table of subjects and objects specifying the access rights a
certain subject possesses pertaining to specific objects.
In either case, the matrix is a way of analyzing the access control needed by a population
of subjects to a population of objects. This access control can be applied using rules,
ACLs, capability tables, etc.
"A capacity table" is incorrect.
This answer is a trap for the unwary - it sounds a little like "capability table" but is just there
to distract you.
"An access control list" is incorrect.
"It [ACL] specifies a list of users [subjects] who are allowed access to each object" (CBK, p.
188). Access control lists (ACLs) could be used to implement the rules identified by an access
control matrix but are different from the matrix itself.
"A capability table" is incorrect.
"Capability tables are used to track, manage and apply controls based on the object and
rights, or capabilities of a subject. For example, a table identifies the object, specifies
access rights allowed for a subject, and permits access based on the user's possession of a
capability (or ticket) for the object." CBK, pp. 191-192. To put it another way, as noted in
AIO3 on p. 169, "A capability table is different from an ACL because the subject is bound to
the capability table, whereas the object is bound to the ACL."
Again, a capability table could be used to implement the rules identified by an access
control matrix but is different from the matrix itself.
References:
CBK pp. 191-192, 317-318
AIO3, p. 169
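The matrix, capability (row) and ACL (column) views described in this question and in the earlier Access Control Matrix question, as an added Python example that is not from the CBK or AIO; the subjects, objects and rights are constructed sample data.

```python
# Added example: one access control matrix, read two ways. Not from the cited
# references; subjects, objects and rights are constructed sample data.
# Rows = subjects, columns = objects, cells = the actions the subject may take
# on the object. A row is a subject's capability list; a column is an object's ACL.
from collections import defaultdict

# Constructed sample matrix (a missing key means an empty cell: no access).
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "printer": {"execute"}},
    "bob":   {"payroll.db": {"read"}, "report.pdf": {"read"}},
    "carol": {"report.pdf": {"read", "write"}, "printer": {"execute"}},
}


def capability_list(matrix, subject):
    """Row view: every object one subject may act on, with its rights.
    The list is bound to the subject, as the AIO text puts it."""
    return {obj: set(rights) for obj, rights in matrix.get(subject, {}).items() if rights}


def acl(matrix, obj):
    """Column view: every subject allowed on one object, with its rights.
    The list is bound to the object."""
    return {subj: set(row[obj]) for subj, row in matrix.items() if row.get(obj)}


def is_allowed(matrix, subject, obj, action):
    """Reference-monitor check: deny unless the cell explicitly grants the action."""
    return action in matrix.get(subject, {}).get(obj, set())


def matrix_from_acls(acls):
    """Rebuild the matrix from per-object ACLs, showing that ACLs and capability
    lists are two decompositions of the same table rather than different policies."""
    matrix = defaultdict(dict)
    for obj, entries in acls.items():
        for subj, rights in entries.items():
            matrix[subj][obj] = set(rights)
    return dict(matrix)


if __name__ == "__main__":
    print("bob's capabilities:", capability_list(MATRIX, "bob"))
    print("ACL for payroll.db:", acl(MATRIX, "payroll.db"))
    print("bob write payroll.db?", is_allowed(MATRIX, "bob", "payroll.db", "write"))
    objects = {o for row in MATRIX.values() for o in row}
    print("round trip ok:", matrix_from_acls({o: acl(MATRIX, o) for o in objects}) == MATRIX)
```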