Which of the following is true of biometrics?

A.
It is used for identification in physical controls and it is not used in logical controls.

B.
It is used for authentication in physical controls and for identification in logical controls.

C.
It is used for identification in physical controls and for authentication in logical controls.

D.
Biometrics has no role in logical controls.

Explanation:
Biometrics is used for identification in physical controls and for authentication in logical controls. Physical
controls are items put into place to protect facility, personnel, and resources. As a physical control, biometrics
provides protection by identifying a person to see if that person is authorized to access a facility. When a user is
identified and granted physical access to a facility, biometrics can be used for authentication in logical controls
to provide access to resources.
Controls are put into place to reduce the risk an organization faces, and they come in three main flavors:
administrative, technical, and physical. Administrative controls are commonly referred to as “soft controls”
because they are more management-oriented. Examples of administrative controls are security documentation,
risk management, personnel security, and training. Technical controls (also called logical controls) are software
or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And
physical controls are items put into place to protect facility, personnel, and resources. Examples of physical
controls are security guards, locks, fencing, and lighting.
Incorrect Answers:
A: Biometrics is used in logical controls.
B: Biometrics is used for identification in physical controls and for authentication in logical controls, not the other
way round. Biometrics is used first as a physical control to identify a person to grant access to a facility, and
then as a logical control to authenticate the user to provide access to resources.
D: Biometrics does have a role in logical controls.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 28
Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams,
2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 58