ISACA Exam Questions

A firm is considering using biometric fingerprint identification on all PCs that access critical data. This requires:

A. that a registration process is executed for all accredited PC users.

B. the full elimination of the risk of a false acceptance.

C. the usage of the fingerprint reader be accessed by a separate password.

D. assurance that it will be impossible to gain unauthorized access to critical data.

Explanation:
The fingerprints of accredited users need to be read, identified and recorded, i.e., registered, before
a user may operate the system from the screened PCs. Choice B is incorrect, as the false-acceptance
risk of a biometric device may be optimized, but will never be zero because this would imply an
unacceptably high risk of false rejection. Choice C is incorrect, as the fingerprint device reads the
token (the user’s fingerprint) and does not need to be protected in itself by a password.
Choice D is incorrect because the usage of biometric protection on PCs does not guarantee that other
potential security weaknesses in the system may not be exploited to access protected data.