ISC2 CISSP Practice Questions 2022
5 Practice Exams
1250 Questions with Explanation
1. Which access control model provides upper and lower bounds of access capabilities for a subject?
A) Role-based access control
B) Lattice-based access control
C) Biba access control
D) Content-dependent access control
Explanation: Lattice-based access control is a mathematical model that allows a system to easily represent the different security levels and control access attempts based on those levels. Every pair of elements has a highest lower bound and a lowest upper bound of access rights.
Incorrect Answers:
A: Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned.
C: Biba is a security model, rather than an access control model. It centers on preventing information from flowing from a low integrity level to a high integrity level.
D: Content-dependent access control is when the access decisions depend upon the value of an attribute of the object itself.
References:, 6th Edition, McGraw-Hill, 2013, pp. 224, 377, G-9
2. What physical characteristic does a retinal scan biometric device measure?
A) The amount of light reaching the retina
B) The amount of light reflected by the retina
C) The pattern of light receptors at the back of the eye
D) The pattern of blood vessels at the back of the eye
Explanation: A retinal scan is a biometric technique that uses the unique patterns of a person's retinal blood vessels.
The human retina is a thin tissue composed of neural cells that is located in the posterior portion of the eye. Because of the complex structure of the capillaries that supply the retina with blood, each person's retina is unique. The network of blood vessels in the retina is not entirely genetically determined, and thus even identical twins do not share a similar pattern.
Although retinal patterns may be altered in cases of diabetes, glaucoma or retinal degenerative disorders, the retina typically remains unchanged from birth until death. Due to its unique and unchanging nature, the retina appears to be the most precise and reliable biometric, aside from DNA. The National Center for State Courts estimates that retinal scanning has an error rate of one in ten million.
A retinal scan is performed by casting an unperceived beam of low-energy infrared light into a person's eye as they look through the scanner's eyepiece. This beam of light traces a standardized path on the retina. Because retinal blood vessels absorb light more readily than the surrounding tissue, the amount of reflection varies during the scan. The pattern of variations is digitized and stored in a database.
Incorrect Answers:
A: A retinal scan does not measure the amount of light reaching the retina. Therefore, this answer is incorrect.
B: A retinal scan does not measure the amount of light reflected by the retina. Therefore, this answer is incorrect.
C: A retinal scan does not measure the pattern of light receptors at the back of the eye. Therefore, this answer is incorrect.