ISACA Exam Questions

A firm is considering using biometric fingerprint identification on all PCs that access critical data.
This requires:

A. that a registration process is executed for all accredited PC users.

B. the full elimination of the risk of a false acceptance.

C. the usage of the fingerprint reader be accessed by a separate password.

D. assurance that it will be impossible to gain unauthorized access to critical data.

Explanation:

The fingerprints of accredited users need to be read, identified and recorded, i.e., registered,
before a user may operate the system from the screened PCs. Choice B is incorrect, as the
false-acceptance risk of a biometric device may be optimized, but will never be zero because this would
imply an unacceptably high risk of false rejection. Choice C is incorrect, as the fingerprint device
reads the token (the user’s fingerprint) and does not need to be protected in itself by a password.
Choice D is incorrect because the usage of biometric protection on PCs does not guarantee that
other potential security weaknesses in the system may not be exploited to access protected data.