nerdexam
(ISC)2

CISSP · Question #221

Which of the following is generally indicative of a replay attack when dealing with biometric authentication?

The correct answer is D. Exact match. In biometric authentication, a replay attack involves replaying a previously captured biometric sample, which produces a suspiciously exact match rather than the natural variation seen in legitimate live samples.

Submitted by dimitri_ru· Mar 5, 2026Identity and Access Management

Question

Which of the following is generally indicative of a replay attack when dealing with biometric authentication?

Options

  • AFalse Acceptance Rate (FAR) is greater than 1 in 100,000
  • BFalse Rejection Rate (FRR) is greater than 5 in 100
  • CInadequately specified templates
  • DExact match

How the community answered

(43 responses)
  • B
    2% (1)
  • C
    5% (2)
  • D
    93% (40)

Why each option

In biometric authentication, a replay attack involves replaying a previously captured biometric sample, which produces a suspiciously exact match rather than the natural variation seen in legitimate live samples.

AFalse Acceptance Rate (FAR) is greater than 1 in 100,000

A False Acceptance Rate greater than 1 in 100,000 indicates the system's sensitivity or threshold is too permissive, which is a configuration or tuning issue rather than evidence of a replay attack.

BFalse Rejection Rate (FRR) is greater than 5 in 100

A False Rejection Rate greater than 5 in 100 indicates the system is overly strict and is rejecting legitimate users too frequently, which reflects a threshold or template quality problem, not a replay attack.

CInadequately specified templates

Inadequately specified templates refer to poor enrollment quality or insufficient biometric data captured during setup, which is a provisioning or data quality issue rather than an indicator of a replay attack.

DExact matchCorrect

Legitimate biometric readings always contain minor variability due to environmental factors, sensor noise, and physiological changes, so an exact match between a stored template and a submitted sample strongly suggests a replayed or cloned digital copy of the original biometric data rather than a genuine live reading. This is a hallmark indicator of a replay attack, where an attacker captures and retransmits a previously authenticated biometric signal. Real biometric systems are designed to accept close matches within a tolerance threshold, not perfect duplicates.

Concept tested: Replay attacks in biometric authentication systems

Source: https://nvlpubs.nist.gov/nistpubs/ir/2006/nist.ir.7290.pdf

Topics

#biometric authentication#replay attack#authentication vulnerabilities

Community Discussion

No community discussion yet for this question.

Full CISSP Practice