Topic 1: Access Control
What is the term for the percentage at which the False Rejection Rate equals the False
Acceptance Rate?
A.
False Rejection Rate (FRR) or Type I Error
B.
False Acceptance Rate (FAR) or Type II Error
C.
Crossover Error Rate (CER)
D.
Failure to enroll rate (FTE or FER)
Crossover Error Rate (CER)
The percentage at which the False Rejection Rate equals the False
Acceptance Rate is called the Crossover Error Rate (CER). Another name for the CER is
the Equal Error Rate (EER); either term may be used.
Equal error rate or crossover error rate (EER or CER)
It is the rate at which the accept and reject errors are equal. The EER is a quick way to
compare the accuracy of devices with different ROC curves. In general, the device with the
lowest EER is the most accurate.
The other choices were all wrong answers:
The following are used as performance metrics for biometric systems:
False accept rate or false match rate (FAR or FMR): the probability that the system
incorrectly matches the input pattern to a non-matching template in the database. It
measures the percent of invalid inputs which are incorrectly accepted. This is when an
impostor would be accepted by the system.
False reject rate or false non-match rate (FRR or FNMR): the probability that the system
fails to detect a match between the input pattern and a matching template in the database.
It measures the percent of valid inputs which are incorrectly rejected. This is when a valid
company employee would be rejected by the system.
Failure to enroll rate (FTE or FER): the rate at which attempts to create a template from an
input are unsuccessful. This is most commonly caused by low quality inputs.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, 2001, John Wiley & Sons, Page 38.
and
https://en.wikipedia.org/wiki/Biometrics
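The metrics above are easier to reason about when computed. The following is an added example written for this page (not from the cited references): it takes constructed match scores for two hypothetical devices, computes FAR and FRR at every candidate threshold, locates the crossover point, and picks the device with the lower CER. The scores, device names and the threshold sweep are all assumptions for illustration.

```python
"""Crossover (equal) error rate from constructed biometric match scores.

Each score is the similarity the matcher reports for one comparison; higher
means a stronger match. The acceptance threshold decides accept vs. reject.
All sample data below is constructed for the example, not measured.
"""

# Constructed scores: genuine = enrolled user against their own template,
# impostor = a different person against that template.
DEVICES = {
    "device_a": (
        [0.92, 0.88, 0.85, 0.81, 0.79, 0.74, 0.70, 0.66, 0.58, 0.49],  # genuine
        [0.12, 0.18, 0.25, 0.31, 0.37, 0.44, 0.52, 0.60, 0.68, 0.73],  # impostor
    ),
    "device_b": (
        [0.95, 0.91, 0.89, 0.86, 0.84, 0.80, 0.77, 0.72, 0.65, 0.55],  # genuine
        [0.10, 0.15, 0.22, 0.28, 0.33, 0.40, 0.47, 0.53, 0.59, 0.69],  # impostor
    ),
}


def far(impostor_scores, threshold):
    """False accept rate (Type II error): fraction of impostor comparisons
    scoring at or above the threshold, i.e. impostors who get in."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False reject rate (Type I error): fraction of genuine comparisons
    scoring below the threshold, i.e. legitimate users turned away."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def crossover(genuine_scores, impostor_scores):
    """Sweep every observed score as a candidate threshold and return
    (threshold, FAR, FRR) where the two rates are closest. On continuous
    real-world data the curves cross between samples; these constructed
    samples are chosen so they meet exactly."""
    candidates = sorted(set(genuine_scores) | set(impostor_scores))
    best = min(candidates,
               key=lambda t: abs(far(impostor_scores, t) - frr(genuine_scores, t)))
    return best, far(impostor_scores, best), frr(genuine_scores, best)


def cer(genuine_scores, impostor_scores):
    """CER/EER as one number: the mean of FAR and FRR at the crossover."""
    _, f_accept, f_reject = crossover(genuine_scores, impostor_scores)
    return (f_accept + f_reject) / 2


def most_accurate(devices):
    """The comparison the text describes: lowest CER wins."""
    return min(devices, key=lambda name: cer(*devices[name]))


if __name__ == "__main__":
    for name, (genuine, impostor) in DEVICES.items():
        thr, f_a, f_r = crossover(genuine, impostor)
        print(f"{name}: threshold={thr:.2f} FAR={f_a:.2f} FRR={f_r:.2f} "
              f"CER={cer(genuine, impostor):.2f}")
    print("most accurate:", most_accurate(DEVICES))
```

Raising the threshold on device_a to 0.80 drives FAR to zero but pushes FRR to 0.6, which is the trade-off the CER summarises in one number; the operating threshold a deployment actually picks is a policy decision, not necessarily the crossover.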
Which of the following is true about Kerberos?
A.
It utilizes public key cryptography.
B.
It encrypts data after a ticket is granted, but passwords are exchanged in plain text.
C.
It depends upon symmetric ciphers.
D.
It is a second party authentication system
It depends upon symmetric ciphers.
Kerberos depends on secret keys (symmetric ciphers). Kerberos is a third-party
authentication protocol. It was designed and developed at MIT in the mid-1980s. It is
considered open source but is copyrighted and owned by MIT. It relies on the user's secret
key: the password itself is never sent, but a key derived from it encrypts and decrypts the
session keys the Key Distribution Center hands out.
The following answers are incorrect:
It utilizes public key cryptography. This is incorrect because Kerberos depends on secret
keys (symmetric ciphers).
It encrypts data after a ticket is granted, but passwords are exchanged in plain text. This is
incorrect because the passwords are never exchanged; they are used to derive the keys that
encrypt and decrypt the exchanged messages.
It is a second party authentication system. This is incorrect because Kerberos is a third-party
authentication system: you authenticate to the third party (the Kerberos KDC), not to the
system you are accessing.
References: MIT http://web.mit.edu/kerberos/
Wikipedia http://en.wikipedia.org/wiki/Kerberos_%28protocol%29
OIG CBK Access Control (pages 181 - 184)
AIOv3 Access Control (pages 151 - 155)
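To make the "passwords are not exchanged" point concrete, here is an added toy model of the Kerberos AS exchange, written for this page and not MIT Kerberos code. The KDC stores only a key derived from the password, returns a fresh session key sealed under that key, and the client opens it with the key it derives locally, so nothing password-related crosses the wire. The realm name, the PBKDF2 key derivation, the HMAC-based toy cipher and the JSON message layout are assumptions standing in for the real enctypes and ASN.1 messages of RFC 4120.

```python
"""Toy Kerberos AS exchange: the password never leaves the client.

Both sides derive the user's long-term key from the password; the KDC returns
a session key sealed under it, so only a client that knows the password can
open the reply. Simplified example for this page, not MIT Kerberos code.
"""
import hashlib
import hmac
import json
import os

REALM = "EXAMPLE.COM"  # constructed realm name


def string_to_key(password: str, principal: str) -> bytes:
    # Kerberos salts the password with realm+principal before deriving the key.
    # PBKDF2-SHA256/10k iterations is an assumption standing in for the
    # enctype-specific string-to-key function.
    salt = (REALM + principal).encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
                    for i in range(blocks))[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC (HMAC-SHA256 keystream + tag) standing in for AES enctypes."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, "sha256").digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class KDC:
    """Authentication Server and Ticket Granting Server in one object."""

    def __init__(self):
        self.tgs_key = os.urandom(32)  # krbtgt long-term key, never leaves the KDC
        self.principals = {}           # principal -> derived long-term key

    def enroll(self, principal: str, password: str) -> None:
        # Only the derived key is stored; the KDC keeps no plaintext password.
        self.principals[principal] = string_to_key(password, principal)

    def as_exchange(self, as_req: dict) -> dict:
        """AS-REQ -> AS-REP. The request carries the principal name, no password."""
        principal = as_req["cname"]
        session_key = os.urandom(32)
        tgt = seal(self.tgs_key, json.dumps({"cname": principal, "key": session_key.hex()}).encode())
        enc_part = seal(self.principals[principal], json.dumps({"key": session_key.hex()}).encode())
        return {"tgt": tgt, "enc_part": enc_part}

    def open_tgt(self, tgt: bytes) -> dict:
        """What the TGS does later: only the KDC's own key opens the ticket."""
        return json.loads(unseal(self.tgs_key, tgt))


def client_login(kdc: KDC, principal: str, password: str):
    """Return (session_key, tgt); raises ValueError if the password is wrong."""
    as_rep = kdc.as_exchange({"cname": principal})       # password is NOT sent
    long_term_key = string_to_key(password, principal)   # derived locally
    enc_part = json.loads(unseal(long_term_key, as_rep["enc_part"]))
    return bytes.fromhex(enc_part["key"]), as_rep["tgt"]


def login_succeeds(kdc: KDC, principal: str, password: str) -> bool:
    try:
        client_login(kdc, principal, password)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    kdc = KDC()
    kdc.enroll("alice", "correct horse battery staple")
    key, tgt = client_login(kdc, "alice", "correct horse battery staple")
    print("session key matches TGT:", kdc.open_tgt(tgt)["key"] == key.hex())
    print("wrong password accepted:", login_succeeds(kdc, "alice", "guess"))
```

One caveat the toy makes visible: because the AS-REP is returned to anyone who names a principal, an attacker can collect enc_part and try passwords against it offline. Real Kerberos mitigates this with pre-authentication (a timestamp encrypted under the user's key in the AS-REQ), which this example omits.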
Crime Prevention Through Environmental Design (CPTED) is a discipline that:
A.
Outlines how the proper design of a physical environment can reduce crime by directly
affecting human behavior.
B.
Outlines how the proper design of the logical environment can reduce crime by directly
affecting human behavior.
C.
Outlines how the proper design of the detective control environment can reduce crime
by directly affecting human behavior.
D.
Outlines how the proper design of the administrative control environment can reduce
crime by directly affecting human behavior
Outlines how the proper design of a physical environment can reduce crime by directly
affecting human behavior.
Crime Prevention Through Environmental Design (CPTED) is a discipline
that outlines how the proper design of a physical environment can reduce crime by directly
affecting human behavior. It provides guidance about loss and crime prevention through
proper facility construction and environmental components and procedures.
CPTED concepts were developed in the 1960s. They have been expanded upon and have
matured as our environments and crime types have evolved. CPTED has been used not
just to develop corporate physical security programs, but also for large-scale activities such
as development of neighborhoods, towns, and cities. It addresses landscaping, entrances,
facility and neighborhood layouts, lighting, road placement, and traffic circulation patterns.
It looks at microenvironments, such as offices and rest-rooms, and macroenvironments,
like campuses and cities.
Reference(s) used for this question:
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 435). McGraw-Hill. Kindle Edition.
and
CPTED Guide Book
Which of the following best ensures accountability of users for the actions taken within a
system or domain?
A.
Identification
B.
Authentication
C.
Authorization
D.
Credentials
Authentication
The only way to ensure accountability is if the subject is uniquely identified and
authenticated. Identification alone does not provide proof the user is who they claim to be.
After showing proper credentials, a user is authorized access to resources.
References:
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002,
Chapter 4: Access Control (page 126).
Which of the following protocols was used by the INITIAL version of the Terminal Access
Controller Access Control System (TACACS) for communication between clients and
servers?
A.
TCP
B.
SSL
C.
UDP
D.
SSH
UDP
The original TACACS, developed in the early ARPANet days, had very
limited functionality and used the UDP transport. In the early 1990s, the protocol was
extended to include additional functionality and the transport changed to TCP.
TACACS is defined in RFC 1492 and uses port 49 (TCP or UDP) by default.
TACACS allows a client to accept a username and password and send a query to a
TACACS authentication server, sometimes called a TACACS daemon or simply
TACACSD. TACACSD uses TCP and usually runs on port 49. The daemon determines whether
to accept or deny the authentication request and sends a response back.
TACACS+
TACACS+ and RADIUS have generally replaced TACACS and XTACACS in more recently built
or updated networks. TACACS+ is an entirely new protocol and is not compatible with
TACACS or XTACACS. TACACS+ uses the Transmission Control Protocol (TCP) and
RADIUS uses the User Datagram Protocol (UDP). Since TCP is a connection-oriented
protocol, TACACS+ does not have to implement transmission control. RADIUS, however,
does have to detect and correct transmission errors such as packet loss and timeouts, since it
rides on UDP, which is connectionless.
RADIUS hides only the user's password (the User-Password attribute, obfuscated with an
MD5 keystream derived from the shared secret) as it travels from the RADIUS client to the
RADIUS server. All other information, such as the username, authorization and accounting
data, is transmitted in clear text, so it is exposed to eavesdropping and tampering. TACACS+
obfuscates the entire packet body, covering all of the information mentioned above, and
therefore does not expose it the way RADIUS does.
RADIUS and TACACS+ are client/server protocols, which means the server portion
cannot send unsolicited commands to the client portion. The server portion can only speak
when spoken to. Diameter is a peer-based protocol that allows either end to initiate
communication. This lets a Diameter server send a message to the access server asking the
user to provide another authentication credential if she is attempting to access a secure
resource.
Reference(s) used for this question:
http://en.wikipedia.org/wiki/TACACS
and
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 239). McGraw-Hill. Kindle Edition.
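The difference in what RADIUS and TACACS+ protect on the wire is easiest to see by implementing both mechanisms. The block below is an added example written for this page against the published algorithms (RFC 2865 section 5.2 for the RADIUS User-Password attribute, RFC 8907 section 4.5 for the TACACS+ body), not code from either specification or any vendor. The shared secret, Request Authenticator, session id, usernames and attribute values are constructed. Note that both schemes are MD5 keystreams keyed by a static shared secret, which RFC 8907 itself describes as obfuscation rather than encryption; the point demonstrated is coverage (password only vs. whole body), not strength.

```python
"""What RADIUS and TACACS+ hide on the wire.

RADIUS (RFC 2865 s.5.2) hides only the User-Password attribute; User-Name
and every other attribute are sent in clear. TACACS+ (RFC 8907 s.4.5)
applies a keystream to the whole packet body. Example code for this page;
all secrets, ids and field values are constructed.
"""
import hashlib
import struct


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# ---- RADIUS User-Password hiding (RFC 2865 section 5.2) ----

def radius_hide_password(secret: bytes, request_authenticator: bytes, password: bytes) -> bytes:
    padded = password + b"\x00" * (-len(password) % 16)   # pad to 16-byte blocks
    out, prev = b"", request_authenticator
    for i in range(0, len(padded), 16):
        b = hashlib.md5(secret + prev).digest()   # b1 = MD5(S+RA), bn = MD5(S+c(n-1))
        c = _xor(padded[i:i + 16], b)
        out, prev = out + c, c
    return out


def radius_reveal_password(secret: bytes, request_authenticator: bytes, hidden: bytes) -> bytes:
    out, prev = b"", request_authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")   # drop padding (RADIUS passwords cannot contain NUL)


def radius_access_request_attrs(secret: bytes, request_authenticator: bytes,
                                username: bytes, password: bytes) -> bytes:
    """Attribute list of an Access-Request: User-Name (type 1) in clear,
    User-Password (type 2) hidden. Each attribute is type, length, value."""
    def avp(attr_type: int, value: bytes) -> bytes:
        return struct.pack("!BB", attr_type, len(value) + 2) + value
    return avp(1, username) + avp(2, radius_hide_password(secret, request_authenticator, password))


# ---- TACACS+ body obfuscation (RFC 8907 section 4.5) ----

def tacacs_plus_obfuscate(key: bytes, session_id: int, version: int, seq_no: int, body: bytes) -> bytes:
    """XOR the body with MD5_1 || MD5_2 || ..., where
    MD5_n = MD5(session_id || key || version || seq_no || MD5_(n-1)).
    XOR is its own inverse, so the same call de-obfuscates."""
    header = struct.pack("!I", session_id) + key + struct.pack("!BB", version, seq_no)
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(header + prev).digest()
        pad += prev
    return _xor(body, pad[:len(body)])


def tacacs_plus_authen_start_body(user: bytes, port: bytes, rem_addr: bytes, data: bytes) -> bytes:
    """Authentication START body (RFC 8907 s.5.1). Constructed values:
    action=LOGIN(1), priv_lvl=1, authen_type=ASCII(1), authen_service=LOGIN(1)."""
    return (struct.pack("!BBBBBBBB", 1, 1, 1, 1, len(user), len(port), len(rem_addr), len(data))
            + user + port + rem_addr + data)


if __name__ == "__main__":
    secret, req_auth = b"s3cret", bytes(range(16))       # constructed
    attrs = radius_access_request_attrs(secret, req_auth, b"alice", b"hunter2")
    print("RADIUS: username visible:", b"alice" in attrs, "password visible:", b"hunter2" in attrs)
    body = tacacs_plus_authen_start_body(b"alice", b"tty0", b"10.0.0.5", b"")
    wire = tacacs_plus_obfuscate(secret, 0x1234ABCD, 0xC0, 1, body)
    print("TACACS+: username visible:", b"alice" in wire)
```

Both functions are deterministic given the shared secret, so anyone who captures traffic and obtains the secret can recover every password either protocol carried; that is why the transport itself (IPsec, or TLS for RADIUS over TLS) still matters.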
The controls that usually require a human to evaluate the input from sensors or cameras to
determine if a real threat exists are associated with
A.
Preventive/physical
B.
Detective/technical
C.
Detective/physical
D.
Detective/administrative
Detective/physical
Detective/physical controls usually require a human to evaluate the input
from sensors or cameras to determine if a real threat exists.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36.
Which access control type has a central authority that determines which objects the
subjects may access, based on role or on the organizational security policy?
A.
Mandatory Access Control
B.
Discretionary Access Control
C.
Non-Discretionary Access Control
D.
Rule-based Access control
Non-Discretionary Access Control
Non-Discretionary Access Control includes Role Based Access Control
(RBAC) and Rule Based Access Control (RuBAC). RBAC being a subset of
NDAC, it was easy to eliminate RBAC, as it was covered under NDAC already.
Some people think that RBAC is synonymous with NDAC, but RuBAC also falls into
this category.
Discretionary Access Control is for environments with a very low level of security. There is no
control over the dissemination of the information: a user who has access to a file can copy
the file or share it further with other users.
Rule Based Access Control is when ONE set of rules is applied uniformly to all
users. A good example is a firewall at the edge of your network: a single rule set
is applied to every packet received from the Internet.
Mandatory Access Control is a very rigid type of access control. The subject must dominate
the object, and the subject must have a Need To Know to access the information. Objects
have labels that indicate their sensitivity (classification), and there are also categories to
enforce the Need To Know (NTK).
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.
The Computer Security Policy Model the Orange Book is based on is which of the following?
A.
Bell-LaPadula
B.
Data Encryption Standard
C.
Kerberos
D.
Tempest
Bell-LaPadula
The computer security policy model the Orange Book is based on is the Bell-
LaPadula model (Orange Book glossary).
The Data Encryption Standard (DES) is a cryptographic algorithm (National Information
Security Glossary).
TEMPEST is related to limiting the electromagnetic emanations from electronic equipment.
Reference: U.S. Department of Defense, Trusted Computer System Evaluation Criteria
(Orange Book), DOD 5200.28-STD, December 1985.
Which of the following are additional access control objectives?
A.
Consistency and utility
B.
Reliability and utility
C.
Usefulness and utility
D.
Convenience and utility
Reliability and utility
Availability assures that a system's authorized users have timely and
uninterrupted access to the information in the system. The additional access control
objectives are reliability and utility. These and other related objectives flow from the
organizational security policy. This policy is a high-level statement of management intent
regarding the control of access to information and the personnel who are authorized to
receive that information. Three things that must be considered for the planning and
implementation of access control mechanisms are the threats to the system, the system's
vulnerability to these threats, and the risk that the threat may materialize.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 32.
What is the main focus of the Bell-LaPadula security model?
A.
Accountability
B.
Integrity
C.
Confidentiality
D.
Availability
Confidentiality
The Bell-LaPadula model is a formal model dealing with confidentiality.
The Bell–LaPadula Model (abbreviated BLP) is a state machine model used for enforcing
access control in government and military applications. It was developed by David Elliott
Bell and Leonard J. LaPadula, subsequent to strong guidance from Roger R. Schell to
formalize the U.S. Department of Defense (DoD) multilevel security (MLS) policy. The
model is a formal state transition model of computer security policy that describes a set of
access control rules which use security labels on objects and clearances for subjects.
Security labels range from the most sensitive (e.g."Top Secret"), down to the least sensitive
(e.g., "Unclassified" or "Public").
The Bell–LaPadula model focuses on data confidentiality and controlled access to
classified information, in contrast to the Biba Integrity Model which describes rules for the
protection of data integrity. In this formal model, the entities in an information system are
divided into subjects and objects.
The notion of a "secure state" is defined, and it is proven that each state transition
preserves security by moving from secure state to secure state, thereby inductively proving
that the system satisfies the security objectives of the model. The Bell–LaPadula model is
built on the concept of a state machine with a set of allowable states in a computer network
system. The transition from one state to another state is defined by transition functions.
A system state is defined to be "secure" if the only permitted access modes of subjects to
objects are in accordance with a security policy. To determine whether a specific access
mode is allowed, the clearance of a subject is compared to the classification of the object
(more precisely, to the combination of classification and set of compartments, making up
the security level) to determine if the subject is authorized for the specific access mode.
The clearance/classification scheme is expressed in terms of a lattice. The model defines
two mandatory access control (MAC) rules and one discretionary access control (DAC) rule
with three security properties:
The Simple Security Property - a subject at a given security level may not read an object at
a higher security level (no read-up).
The *-property (read "star"-property) - a subject at a given security level must not write to
any object at a lower security level (no write-down). The *-property is also known as the
Confinement property.
The Discretionary Security Property - use of an access matrix to specify the discretionary
access control.
The following are incorrect answers:
Accountability is incorrect. Accountability requires that actions be traceable to the user that
performed them and is not addressed by the Bell-LaPadula model.
Integrity is incorrect. Integrity is addressed in the Biba model rather than Bell-LaPadula.
Availability is incorrect. Availability is concerned with assuring that data/services are
available to authorized users as specified in service level objectives and is not addressed
by the Bell-LaPadula model.
References:
CBK, pp. 325-326
AIO3, pp. 279 - 284
AIOv4 Security Architecture and Design (pages 333 - 336)
AIOv5 Security Architecture and Design (pages 336 - 338)
Wikipedia at https://en.wikipedia.org/wiki/Bell-La_Padula_model
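The lattice, the two MAC rules and the DAC rule described above (and the "subject must dominate the object, categories enforce need to know" description of Mandatory Access Control in the earlier non-discretionary question) come together in a few lines of code. The block below is an added example written for this page, not from the cited references: labels are (level, compartments), dominance is the lattice partial order, the Simple Security and *-properties are the read and write checks, and the ds-property is an access-matrix lookup that must also pass. The level names follow the U.S. scheme; the compartment names, subject, objects and matrix entries are constructed.

```python
"""Bell-LaPadula access decisions over a lattice of security labels.

A label is (level, set of compartments). A subject's clearance dominates an
object's classification when its level is at least as high AND it holds every
compartment the object carries; the compartments are the need-to-know
categories. Example code for this page; compartment names are constructed.
"""
from dataclasses import dataclass, field

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """Lattice partial order: level >= AND compartments are a superset.
        Labels with the same level but different compartments are incomparable."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

    def join(self, other: "Label") -> "Label":
        """Least upper bound: the label output derived from both inputs must carry."""
        top = self if LEVELS[self.level] >= LEVELS[other.level] else other
        return Label(top.level, self.compartments | other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple Security Property: no read up."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property: no write down (writing to an equal or higher label is allowed)."""
    return obj.dominates(subject)


def access_allowed(subject_name: str, subject: Label, obj_name: str, obj: Label,
                   mode: str, matrix: dict) -> bool:
    """Full BLP decision: the MAC rule for the mode AND the discretionary
    access-matrix entry (ds-property) must both permit the access."""
    mac_ok = can_read(subject, obj) if mode == "read" else can_write(subject, obj)
    dac_ok = mode in matrix.get((subject_name, obj_name), set())
    return mac_ok and dac_ok


# Constructed example: one subject, four objects, a small access matrix.
ALICE = Label("SECRET", frozenset({"NUCLEAR"}))
OBJECTS = {
    "public_notice": Label("UNCLASSIFIED"),
    "reactor_report": Label("SECRET", frozenset({"NUCLEAR"})),
    "cipher_doc": Label("SECRET", frozenset({"CRYPTO"})),      # same level, no need to know
    "war_plan": Label("TOP SECRET", frozenset({"NUCLEAR"})),
}
MATRIX = {
    ("alice", "reactor_report"): {"read", "write"},
    ("alice", "cipher_doc"): {"read"},   # DAC grants it, MAC still denies it
}

if __name__ == "__main__":
    for name, obj in OBJECTS.items():
        print(f"{name:15} read={can_read(ALICE, obj)!s:5} write={can_write(ALICE, obj)}")
    print("alice read cipher_doc:", access_allowed("alice", ALICE, "cipher_doc",
                                                    OBJECTS["cipher_doc"], "read", MATRIX))
```

Two results are worth noticing: a SECRET subject may write to a TOP SECRET object (the *-property forbids only writing down, which is why real systems add an integrity model such as Biba alongside BLP), and cipher_doc is denied even though the access matrix grants read, because the MAC rule is evaluated first and the compartment check fails.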