The helpdesk is receiving numerous reports that a newly installed biometric reader at the entrance
of the data center has a high rate of false negatives. Which of the following is the consequence of this
reported problem?
A. Unauthorized employees have access to sensitive systems
B. All employees will have access to sensitive systems
C. No employees will be able to access the datacenter
D. Authorized employees cannot access sensitive systems
“A false negative is when an attacker is actively attacking the network, but the system does not detect it…” from Darril Gibson
That's the same thing, detection is being incorrectly rejected, it's C
Answer is A
A false positive will be authorized employees cannot access sensitive systems.
A false negative will be that unauthorized employees have access to sensitive systems.
I agree with itcrowd. Answer A
False Positive is when the system indicates a problem when there is no problem
False Negative is when the system fails to indicate a problem as a problem.
So in this question having a high False Negative means it is not reporting when it should and unauthorized users are getting access. So answer is A
It’s C.
A and D are the same, false positive.
False negative is when somebody who doesn't work in the company has access and goes around, but the system doesn't do anything.
Break it down to simple terms. It will help make things easy to remember.
True Positive – Granted Authorized user
False Positive – Denied Authorized user
True Negative – Denied Unauthorized user
False Negative – Granted Unauthorized user
Need to correct myself
True Positive – Granted Authorized user
False Positive – Granted Unauthorized user
True Negative – Denied Unauthorized user
False Negative – Denied Authorized user
There are two matching approaches:
1- Whitelisting systems (such as biometrics).
2- Blacklisting systems (such as AV & IDS).
In whitelisting, we are matching for something allowed.
TP = Allowing authorized person.
TN = Blocking unauthorized person.
FP = Allowing unauthorized person.
FN = Blocking authorized person.
TP is the desired state. And in terms of risk, FP is worse than FN.
In blacklisting approaches, we are matching for something blocked.
TP = Detecting Malicious application.
TN = Allowing benign application.
FP = Detecting benign application as malicious.
FN = Not detecting malicious application.
TN is the desired state. And in terms of risk, FN is worse than FP.
In this question (whitelisting), the FN means preventing authorized persons –> D is the correct answer.
“Biometric systems are vulnerable to two types of failures: a false-positive, in which a system falsely identifies an imposter as the valid user, and a false-negative, in which the system fails to make a match between a valid user and the stored template.” (source: IEEE) https://www.ieee.org/publications_standards/publications/authors/sample_biometrics_pdf.pdf
In this case, that means a lot of authorized users cannot access the datacenter. So it’s D.
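The following is an added example, not part of any comment above. It applies the IEEE definition quoted in the thread (false positive = imposter accepted, false negative = valid user not matched) to a reader that accepts when a match score meets a threshold. The scores, the threshold values and the function names are constructed assumptions for illustration.

```python
# Constructed sample data: (is_enrolled_employee, match_score in [0, 1]).
# Real readers produce vendor-specific scores; these values are illustrative only.
ATTEMPTS = [
    (True, 0.91), (True, 0.62), (True, 0.55), (True, 0.88), (True, 0.47),
    (True, 0.79), (False, 0.30), (False, 0.52), (False, 0.12), (False, 0.66),
]


def classify(enrolled, score, threshold):
    """Label one door attempt, treating 'match found' as the positive result."""
    accepted = score >= threshold
    if enrolled:
        return "TP" if accepted else "FN"   # FN: valid user turned away
    return "FP" if accepted else "TN"       # FP: imposter let in


def rates(attempts, threshold):
    """Return confusion counts plus false rejection / false acceptance rates."""
    counts = {"TP": 0, "FN": 0, "FP": 0, "TN": 0}
    for enrolled, score in attempts:
        counts[classify(enrolled, score, threshold)] += 1
    valid = counts["TP"] + counts["FN"]
    imposters = counts["FP"] + counts["TN"]
    return {
        "counts": counts,
        # FRR = share of valid users rejected (driven by false negatives)
        "FRR": counts["FN"] / valid if valid else 0.0,
        # FAR = share of imposters accepted (driven by false positives)
        "FAR": counts["FP"] / imposters if imposters else 0.0,
    }


def sweep(attempts, thresholds):
    """Show the trade-off: a stricter threshold raises FRR and lowers FAR."""
    return [(t, rates(attempts, t)["FRR"], rates(attempts, t)["FAR"])
            for t in thresholds]


if __name__ == "__main__":
    for t, frr, far in sweep(ATTEMPTS, [0.5, 0.6, 0.7]):
        print(f"threshold={t:.1f}  FRR={frr:.2f}  FAR={far:.2f}")
```

With the strict threshold of 0.7, half of the enrolled employees in the sample are rejected while no imposter is accepted, which is the symptom the helpdesk reports would describe.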