nerdexam
(ISC)2

CISSP · Question #44

Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals are admitted?

The correct answer is A. False Acceptance Rate (FAR). When security requires that no unauthorized individual must ever gain access, the False Acceptance Rate (FAR) is the critical metric to minimize, as it measures how often impostors are incorrectly granted entry.

Submitted by luis.pe· Mar 5, 2026Identity and Access Management

Question

Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals are admitted?

Options

  • AFalse Acceptance Rate (FAR)
  • BFalse Rejection Rate (FRR)
  • CCrossover Error Rate (CER)
  • DRejection Error Rate

How the community answered

(50 responses)
  • A
    72% (36)
  • B
    8% (4)
  • C
    16% (8)
  • D
    4% (2)

Why each option

When security requires that no unauthorized individual must ever gain access, the False Acceptance Rate (FAR) is the critical metric to minimize, as it measures how often impostors are incorrectly granted entry.

AFalse Acceptance Rate (FAR)Correct

FAR (False Acceptance Rate) measures the percentage of unauthorized users who are incorrectly accepted by the biometric system. When the priority is ensuring no unauthorized individual is admitted, FAR must be minimized to as close to zero as possible, even at the cost of inconveniencing legitimate users. This metric directly quantifies the system's vulnerability to unauthorized access.

BFalse Rejection Rate (FRR)

FRR (False Rejection Rate) measures how often legitimate, authorized users are incorrectly denied access, which affects usability and convenience but does not address the security risk of unauthorized entry.

CCrossover Error Rate (CER)

The Crossover Error Rate (CER) is the point where FAR and FRR are equal and is used to compare the overall accuracy of biometric systems, but it is a balanced metric rather than one optimized for preventing unauthorized access specifically.

DRejection Error Rate

'Rejection Error Rate' is not a standard or recognized biometric metric; the correct terms are FAR, FRR, and CER, making this choice technically invalid.

Concept tested: Biometric system FAR vs FRR security tradeoffs

Source: https://csrc.nist.gov/glossary/term/false_accept_rate

Topics

#biometrics#False Acceptance Rate (FAR)#access control#system design

Community Discussion

No community discussion yet for this question.

Full CISSP Practice