Which of the following statements pertaining to biometrics is FALSE?
Correct answer: C.
As this is not a characteristic of Biometrics, this is the right choice for this question. This is one of the three basic ways authentication can be performed, and it is not related to Biometrics.
An example of something you know would be a password or PIN.
Please make a note of the negative 'FALSE' within the question. This question may seem tricky to some of you, but you would be amazed at how many people cannot deal with negative questions. There will be a few negative questions within the real exam; just like this one, the keyword NOT or FALSE will be in uppercase to clearly indicate that it is negative.
Biometrics verifies an individual's identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of performing authentication (one-to-one matching) or identification (one-to-many matching).
A biometric system scans an attribute or behavior of a person and compares it to a template stored within an authentication server database; such a template would be created in an earlier enrollment process.
Because this system inspects the grooves of a person's fingerprint, the pattern of someone's retina, or the pitches of someone's voice, it has to be extremely sensitive.
The system must perform accurate and repeatable measurements of anatomical or physiological characteristics.
This type of sensitivity can easily cause false positives or false negatives.
The system must be calibrated so that these false positives and false negatives occur infrequently and the results are as accurate as possible.
There are two types of failures in biometric identification:
False Rejection, also called False Rejection Rate (FRR): The system fails to recognize a legitimate user.
While it could be argued that this has the effect of keeping the protected area extra secure, it is an intolerable frustration to legitimate users who are refused access because the scanner does not recognize them.
False Acceptance, or False Acceptance Rate (FAR): This is an erroneous recognition, either by confusing one user with another or by accepting an imposter as a legitimate user.
Physiological Examples (Unique Physical Attributes):
- Fingerprint (most commonly accepted)
- Hand Geometry
- Retina Scan (most accurate but most intrusive)
- Iris Scan
- Vascular Scan
Behavioral Examples (Repeated Actions):
- Keystroke Dynamics: dwell time (the time a key is pressed) and flight time (the time between "key up" and the next "key down")
- Signature Dynamics: stroke and pressure points
EXAM TIP: Retina scan devices are the most accurate but also the most invasive biometrics system available today.
The continuity of the retinal pattern throughout life and the difficulty in fooling such a device also make it a great long-term, high-security option.
Unfortunately, the cost of the proprietary hardware, as well as the stigma of users thinking it is potentially harmful to the eye, makes retinal scanning a bad fit for most situations.
Remember for the exam that fingerprints are the most commonly accepted type of biometrics system.
The other answers are incorrect:
'Users can be authenticated based on behavior.' is incorrect as this choice is TRUE as it pertains to BIOMETRICS.
Biometrics systems make use of unique physical characteristics or behavior of users.
'User can be authenticated based on unique physical attributes.' is also incorrect as this choice is also TRUE as it pertains to BIOMETRICS. Biometrics systems make use of unique physical characteristics or behavior of users.
'A biometric system's accuracy is determined by its crossover error rate (CER)' is also incorrect as this is TRUE as it also pertains to BIOMETRICS. The CER is the point at which the false rejection rates and the false acceptance rates are equal.
The smaller the value of the CER, the more accurate the system.
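As an added illustration (not part of the original explanation or the cited guide), this Python sketch shows how FAR and FRR move in opposite directions as the match threshold is calibrated, and how the CER is found and compared between two systems. The score lists, the 0-100 similarity scale and the function names are constructed for the example.

```python
# Constructed similarity scores (0-100); higher means a closer match to the
# enrolled template. These are not measurements from any real device.
GENUINE_A = [62, 71, 75, 78, 80, 83, 85, 88, 91, 95]   # legitimate users
IMPOSTOR_A = [20, 28, 35, 41, 47, 52, 58, 64, 70, 76]  # everyone else

# A second constructed system whose genuine/impostor scores overlap more.
GENUINE_B = [45, 55, 60, 66, 70, 74, 79, 83, 88, 92]
IMPOSTOR_B = [30, 38, 44, 50, 57, 63, 68, 72, 77, 81]


def rates(threshold, genuine=GENUINE_A, impostor=IMPOSTOR_A):
    """Return (FAR, FRR) when any score >= threshold is accepted."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def crossover(genuine=GENUINE_A, impostor=IMPOSTOR_A):
    """Sweep every threshold and return (threshold, FAR, FRR) at the point
    where FAR and FRR are closest, i.e. the crossover error rate."""
    best = None
    for t in range(0, 101):
        far, frr = rates(t, genuine, impostor)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    return best[1:]


if __name__ == "__main__":
    # A lax threshold admits impostors; a strict one locks out real users.
    for t in (50, 71, 90):
        far, frr = rates(t)
        print(f"threshold {t}: FAR={far:.0%} FRR={frr:.0%}")
    # The system with the smaller CER is the more accurate one.
    for name, g, i in (("A", GENUINE_A, IMPOSTOR_A),
                       ("B", GENUINE_B, IMPOSTOR_B)):
        t, far, frr = crossover(g, i)
        print(f"system {name}: CER={far:.0%} at threshold {t}")
```
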
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 25353-25356). Auerbach Publications. Kindle Edition.
and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 25297-25303). Auerbach Publications. Kindle Edition.
Biometrics is a technology that uses unique physical or behavioral characteristics to authenticate an individual's identity. The following statements pertain to biometrics:
A. User can be authenticated based on behavior. This statement is true. Behavioral biometrics can be used to authenticate an individual's identity by analyzing their unique behavior patterns, such as typing rhythm, mouse movement, and signature style.
B. User can be authenticated based on unique physical attributes. This statement is true. Physical biometrics, such as fingerprints, facial recognition, and iris scans, can be used to authenticate an individual's identity.
C. User can be authenticated by what he knows. This statement is false. Authentication based on knowledge, such as passwords or PINs, is not considered a biometric authentication method. It is a traditional authentication method that relies on something that the user knows rather than their physical or behavioral characteristics.
D. A biometric system's accuracy is determined by its crossover error rate (CER). This statement is true. The crossover error rate (CER) is a measure of a biometric system's accuracy. It is the point at which the false acceptance rate (FAR) and the false rejection rate (FRR) are equal. The lower the CER, the more accurate the biometric system.
In conclusion, the false statement is C. User can be authenticated by what he knows, as authentication based on knowledge is not considered a biometric authentication method.