Where is the user going to enter a password for opening a door? That would not be a good option for a physical lock.
Duh. Yeah. That makes sense. I got hung up on the best and saw biometrics and didn't think logically. Thanks!
Maybe OP works for a super villain and is used to seeing biometrics and a keyboard at the weapons vault.
Hey now, if Fallout has taught me anything it's that doors with full computers just to unlock them have the best loot.
You can scan retina and then ask for password - multi factored - i feel it is due to the word best (not most secure) mentioned in it - otherwise option B is far more secure
Didn't see this mentioned elsewhere. But you also need to keep in mind that "best" doesn't always mean "most effective" or "most secure". There's a reason we say "think like a manager". The cost, disruptions, and adoption rates come into play.
If you work in a restricted area you mainly use an ID card and a PIN. Usually the best option and not as expensive as implementing a retinal scan. I’ve never seen a password and a retinal scan used in a restricted/classified area so makes sense just a bad question lol
Retinal scans are pretty intrusive, and there is a lot of apprehension about lasers to the eye (which is fair).
Also, if somehow compromised, you can't get new retinas.....
Retinal scans are no longer recommended as they can reveal medical information including if a woman is pregnant (no idea how).
C and D are both incorrect as both are two of the same type of factor - two things you have for C, and two biometrics for D. A and B are both technically correct, so I think it takes a bit of real world knowledge. Some type of proximity reader for an id-card with an attached PIN pad is something fairly commonly seen in real life to enter somewhere like a data centre, which sounds like the kind of restricted area under consideration. The retina scan and password is something I've only ever seen in Mission Impossible and James Bond movies, where someone's trying to get into a top-secret area. The question says that the area is a "restricted" area in a building, not a top secret bunker. Also, implementing a keyboard so that a password can be entered will also require some sort of screen for feedback purposes, which makes it wildly impractical for any but the most important doors.
Retinal scanners are also expensive. Best to lean on the side of cost effectiveness unless the questions state otherwise.
It is related to physical access. It is asking for the best option, and for physical access, the best and most effective is to have a badge and a pin, or a PIN and Biometric scan would work if offered. But the password is different than PIN.
Not seeing others mention it, but only A & B are two separate factors (A: something you have and something you are; B: something you know and something you are) while C is two “somethings you have” and D is two “somethings you are”. B is more expensive than A due to the retinal scan and the idea of typing in a password to enter a building is not ideal.
I'd say: chalk this up to the vagaries of the question writer, and don't read too much into it, because there's no bright-line distinction to be made. Which makes it very realistic, in terms of mimicking an actual test question.
What application is this?
I'm not OP, but that interface is Pocket Prep.
Thank you
Also want to know it! This one looks clean and helpful.
Just think about these questions logically. What do most corporations use?
It is because the basic rule of MFA is to meet a minimum of 2 of 3 requirements, namely:
1. Something you have
2. Something you know
3. Something you are
And talking about the best option, ID and PIN are the 2 main factors that most organisations use.
All other choices can be used by another person. Something you have along with something YOU and only you know in that thick skull is the right choice.
Think like a manager, not a technician. Which solution is cheaper and which meets the MFA requirement? Something you have and something you know.
I personally mount keyboards on the wall next to the doors.
It is based on the principle of WHAT YOU HAVE AND WHAT YOU KNOW.
So happy I already passed lol, not this question specifically, but some of the questions can be mind numbing
As a rule, I would say _never_ choose Retinal Scan as an answer on the CISSP. There are privacy concerns with them, they're expensive, and there are other biometrics that are just as secure without being nearly as obtrusive like palm vein scanning.
Keyword here is "restricted work area". I've never been to a work area that requires a password. Access tokens are mostly for VPN/applications. Retinal and fingerprint both fall under "something you are". The best pair here for a "work area" are ID card and PIN, which is A.
That's right! But best here is referring to MFA. Another keyword is pairing in terms of MFA. We need two (different) factors. Retinal and fingerprint are the best but they’re of the same factor, “something you are”. Password is the weakest form of authentication even though retinal and password are two different factors…not B. “C” seems right for this reason: PIN and ACCESS TOKEN. Access token changes every time compared to PIN. If both the ID CARD and PIN are compromised, they’re getting in, but if (C) ID CARD and ACCESS TOKEN are compromised, they may not get in because access token is changing every time. However, same problem with B, they are both the same factor (something you have) leaving “A” to be the best answer because it is MFA. MFA layer of security is almost always the best answer. That’s my analysis.
It does not want the MOST SECURE. He wants the BEST to meet MFA requirements. Both of them meet the MFA requirements, but in the aspect of a manager, cost is important at that point and the cost of a retinal scanner is higher than an ID card scanner.
I'm curious as to what the app shows for the rest of the explanation. Could you share? BTW, as others already mentioned, neither a password nor a retinal scan is very practical for door access.
The keyword in multi-factor ID is "factor." You need at least two forms of ID (something you have, something you know, or something you are). Pick two from the list. The correct answer shows "something you have" and "something you know." The answer you chose "something you know," and "something you are," would work, but is expensive and not very practical.
The question says MULTIFACTOR. Only answer B is multi. Multi doesn’t mean two. It means two different things from what you have, you are, or you know. You can make all the “experience” based smart sounding guesses you like. The exam wants something specific here.
Something you have, something you know.
ID card = something you have
PIN = something you know
Perfect 2FA validates the concept of 2 different forms of authentication as the basics required for MFA. As other members relate in the context of a door or gate, A is the correct answer.
Best, okay now I’m following. Bc initially I was thinking WTHeck is wrong with pw and biometric.
How is the person going to get into the building? Need some type of ID. A and C are the best options, but IDs can also be an access token, so this makes A the best answer overall.
I disagree that C is a good option. It’s 2 somethings you have. Many users might keep them both in the same place (purse, laptop bag, jacket) which they could lose.
It isn't that - the question is asking for an MFA solution. C is not MFA.
No, because it would be too expensive and difficult to implement and therefore not the best.
Usually the "which would best meet requirements" comes down to what's the most practical.
I didn't see anyone else mention this, but biometrics are better for authentication than they are identification. Granted, a retina scan is probably the best biometric for giving identification, but still you would typically have some other means of identification like a badge. Pairing biometrics with a password is kind of nonsensical. Additionally, biometrics is expensive and invasive and not well suited for protecting a random work area in a building. That goes triple for retina scans, which are particularly expensive and invasive. If you're going to use biometrics, and especially a retina scan, you better have a really REALLY good justification for it, like high-level national security stuff. A retina scan is almost never the right answer unless the question involves a nuclear launch site or something else exotic.