nerdexam
EC-Council

312-50V11 · Question #266

What is the main reason the use of a stored biometric is vulnerable to an attack?

The correct answer is D. A stored biometric can be stolen and used by an attacker to impersonate the individual identified. A stored biometric is primarily vulnerable because the digital representation can be stolen from a database and replayed or used by an attacker to permanently impersonate the victim.

Information Security and Ethical Hacking Fundamentals

Question

What is the main reason the use of a stored biometric is vulnerable to an attack?

Options

  • AThe digital representation of the biometric might not be unique, even if the physical characteristic
  • BAuthentication using a stored biometric compares a copy to a copy instead of the original to a
  • CA stored biometric is no longer "something you are" and instead becomes "something you have".
  • DA stored biometric can be stolen and used by an attacker to impersonate the individual identified

How the community answered

(19 responses)
  • A
    16% (3)
  • B
    5% (1)
  • C
    5% (1)
  • D
    74% (14)

Why each option

A stored biometric is primarily vulnerable because the digital representation can be stolen from a database and replayed or used by an attacker to permanently impersonate the victim.

AThe digital representation of the biometric might not be unique, even if the physical characteristic

Uniqueness of the digital representation relates to false acceptance rates and enrollment quality, but it is not the primary attack vulnerability introduced specifically by storing the biometric.

BAuthentication using a stored biometric compares a copy to a copy instead of the original to a

Comparing a stored template to a newly captured sample is the standard operating model for all biometric systems and is not itself a vulnerability introduced by storage.

CA stored biometric is no longer "something you are" and instead becomes "something you have".

Reclassifying a biometric as 'something you have' is a conceptual argument but does not describe a concrete, exploitable technical attack vector that storage creates.

DA stored biometric can be stolen and used by an attacker to impersonate the individual identifiedCorrect

Once a biometric is stored as a digital file, it becomes a static credential susceptible to database breaches and exfiltration. Unlike a compromised password, a stolen biometric cannot be revoked or reissued, so an attacker who obtains the stored representation can impersonate the victim indefinitely. This irreversibility is the core technical reason stored biometrics represent a significant security risk.

Concept tested: Stored biometric vulnerability and impersonation attack risk

Source: https://pages.nist.gov/800-63-3/sp800-63b.html

Topics

#biometrics#stored credentials#identity theft#authentication weakness

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice