SSCP Exam Questions

Total 1048 Questions

Exam Last Updated: 30-Dec-2024

Topic 1: Access Control

An alternative to using passwords for authentication in logical or technical access control is:


A. manage without passwords
B. biometrics
C. not there
D. use of them for physical access control

Answer: B. biometrics

An alternative to using passwords for authentication in logical or technical access control is biometrics. Biometrics are based on the Type 3 authentication mechanism: something you are.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37.

In response to an Access-Request from a client such as a Network Access Server (NAS), which of the following is NOT one of the responses from a RADIUS server?


A. Access-Accept
B. Access-Reject
C. Access-Granted
D. Access-Challenge

Answer: C. Access-Granted

In response to an access-request from a client, a RADIUS server returns one
of three authentication responses: access-accept, access-reject, or access-challenge, the
latter being a request for additional authentication information such as a one-time password
from a token or a callback identifier.
Source: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management
Handbook, 4th Edition, Volume 2, 2001, CRC Press, NY, page 36.

The number of violations that will be accepted or forgiven before a violation record is
produced is called which of the following?


A. clipping level
B. acceptance level
C. forgiveness level
D. logging level

Answer: A. clipping level


The correct answer is "clipping level". This is the point at which a system decides to take some sort of action when an action repeats a preset number of times. That action may be to log the activity, lock a user account, temporarily close a port, etc.
Example: The most classic example of a clipping level is failed login attempts. If you have a system configured to lock a user's account after three failed login attempts, that is the "clipping level".
The other answers are not correct because:
Acceptance level, forgiveness level, and logging level are nonsensical terms that do not exist (to my knowledge) within network security.
Reference:
Official ISC2 Guide - The term "clipping level" is not in the glossary or index of that book. I cannot find it in the text either. However, I'm quite certain that it would be considered part of the CBK, despite its exclusion from the Official Guide.
All-in-One, Third Edition, pages 136-137.

The National Institute of Standards and Technology (NIST) standard pertaining to
perimeter protection states that critical areas should be illuminated up to?


A. Illuminated at nine feet high with at least three foot-candles
B. Illuminated at eight feet high with at least three foot-candles
C. Illuminated at eight feet high with at least two foot-candles
D. Illuminated at nine feet high with at least two foot-candles

Answer: B. Illuminated at eight feet high with at least three foot-candles

The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high with at least two foot-candles. It can also be referred to as illuminating to a height of eight feet, with a BRIGHTNESS of two foot-candles.

One footcandle is approximately 10.764 lux. The footcandle (or lumen per square foot) is a non-SI unit of illuminance. Like the BTU, it is obsolete but still in fairly common use in the United States, particularly in construction-related engineering and in building codes. Because lux and footcandles are different units of the same quantity, it is perfectly valid to convert footcandles to lux and vice versa.

The name "footcandle" conveys "the illuminance cast on a surface by a one-candela source one foot away." As natural as this sounds, this style of name is now frowned upon, because the dimensional formula for the unit is not foot · candela, but lumens per square foot.

Some sources do however note that the "lux" can be thought of as a "metre-candle" (i.e. the illuminance cast on a surface by a one-candela source one meter away). A source that is farther away casts less illumination than one that is close, so one lux is less illuminance than one footcandle. Since illuminance follows the inverse-square law, and since one foot = 0.3048 m, one lux = 0.3048² footcandle ≈ 1/10.764 footcandle.

TIPS FROM CLEMENT:
Illuminance (light level) – The amount of light, measured in foot-candles (US unit), that falls on a surface, either horizontal or vertical.
Parking lot lighting needs to be an average of 2 foot-candles, with uniformity of not more than 3:1 and no area less than 1 fc.
All illuminance measurements are to be made on the horizontal plane with a certified light meter calibrated to NIST standards using traceable light sources.

The CISSP Exam Cram 2 from Michael Gregg says:
Lighting is a commonly used form of perimeter protection. Some studies have found that up to 80% of criminal acts at businesses and shopping centers happen in adjacent parking lots. Therefore, it's easy to see why lighting can be such an important concern. Outside lighting discourages prowlers and thieves. The National Institute of Standards and Technologies (NIST) states that, for effective perimeter control, buildings should be illuminated 8 feet high, with 2-foot candle power.

Reference used for this question:
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page 325.
and
Shon's AIO v5 pg 459
and
http://en.wikipedia.org/wiki/Foot-candle

Which of the following is the WEAKEST authentication mechanism?


A. Passphrases
B. Passwords
C. One-time passwords
D. Token devices

Answer: B. Passwords

Most of the time, users choose passwords that can be guessed; hence Passwords is the BEST answer out of the choices listed above.
The following answers are incorrect because:
Passphrases is incorrect because a passphrase is more secure than a password, since it is longer.
One-time passwords is incorrect because, as the name states, a one-time password is good only once and cannot be reused.
Token devices is incorrect because a token device is also a password generator and is a one-time password mechanism.
Reference: Shon Harris AIO v3, Chapter 4: Access Control, pages 139 and 142.

Which of the following security models does NOT concern itself with the flow of data?


A. The information flow model
B. The Biba model
C. The Bell-LaPadula model
D. The noninterference model

Answer: D. The noninterference model

The goal of a noninterference model is to strictly separate differing security levels to assure that higher-level actions do not determine what lower-level users can see. This is in contrast to other security models that control information flows between differing levels of users. By maintaining strict separation of security levels, a noninterference model minimizes leakages that might happen through a covert channel.
The Bell-LaPadula model is incorrect. The Bell-LaPadula model is concerned with confidentiality and bases access control decisions on the classification of objects and the clearances of subjects.
The information flow model is incorrect. Information flow models have a similar framework to the Bell-LaPadula model and control how information may flow between objects based on security classes.
The Biba model is incorrect. The Biba model is concerned with integrity and is a complement to the Bell-LaPadula model in that higher levels of integrity are more trusted than lower levels. Access control is based on these integrity levels to assure that read/write operations do not decrease an object's integrity.
References:
CBK, pp. 325-326
AIO3, pp. 290-291

Which is the last line of defense in a physical security sense?


A. people
B. interior barriers
C. exterior barriers
D. perimeter barriers

Answer: A. people

"Ultimately, people are the last line of defense for your company’s assets"
(Pastore & Dulaney, 2006, p. 529).
Pastore, M. and Dulaney, E. (2006). CompTIA Security+ study guide: Exam SY0-101.
Indianapolis, IN: Sybex

Which security model is based on the military classification of data and people with
clearances?


A. Brewer-Nash model
B. Clark-Wilson model
C. Bell-LaPadula model
D. Biba model

Answer: C. Bell-LaPadula model

The Bell-LaPadula model is a confidentiality model for information security based on the military scheme of classified data and cleared people: data carries a classification (sensitivity) level, and people hold clearances. The Biba, Clark-Wilson and Brewer-Nash models are concerned with integrity.
Source: HARE, Chris, Security Architecture and Models, Area 6 CISSP Open Study Guide, January 2002.

Which of the following is NOT a system-sensing wireless proximity card?


A. magnetically striped card
B. passive device
C. field-powered device
D. transponder

Answer: A. magnetically striped card

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 342.

Which of the following is NOT a remote access concern?


A. Justification for remote access
B. Auditing of activities
C. Regular review of access privileges
D. Access badges

Answer: D. Access badges

Access badges are more relevant to physical security than to remote access.
"Justification for remote access" is incorrect. Justification for remote access is a relevant concern.
"Auditing of activities" is incorrect. Auditing of activities is an important aspect of assuring that malicious or unauthorized activities are not occurring.
"Regular review of access privileges" is incorrect. Regular review of remote access privileges is an important management responsibility.
References:
AIO3, pp. 547-548


Page 21 out of 105 Pages