CISSP Practice question #95

Jane has been tasked with implementing multifactor authentication at our organization. The request from senior management is to make it secure, but also to protect employees' privacy and not inadvertently record something that could reveal private employee health information. What are some good reasons to not use biometric authentication in Jane's implementation?
A: It can reveal private employee information.
B: It is wrong more often than not.
C: Biometrics often change.
D: Biometrics are easily copied.

CBK 5: Identity and Access Management
Source: practice tests


A: Something you are – Type 3 Authentication (Biometrics): Can inadvertently breach our employees' privacy. Some fingerprint patterns are related to chromosomal diseases. Iris patterns could reveal genetic sex; retina scans can show if a person is pregnant or diabetic. Hand vein patterns could reveal vascular diseases. Most behavioral biometrics could reveal neurological diseases, etc.


IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.

1. Not sure what information a hashed fingerprint/iris would reveal. Unless part of the biometric is standing on scales: “you are too fat, this can’t be Linda in Accounting”.

   “Wrong more often than not”: if using fingerprints, get a decent scanner. False readings more often than right ones? Poor equipment.

   “Biometrics often change”: only if you’re using the scales again. Fingerprints/irises don’t change that often. You’d be re-authenticating people every few years anyway. It’s a username, not a password, and that biometrics don’t change often is the reason they’re used. People will leave their ID cards in the car/home, forget their anniversary used for the password, but the fingers on the end of their hands /tend/ to hang around for a bit.

   Biometrics, which metrics? “Hey, if we both stand on the scales, the system thinks it’s Bill from the warehouse”.

   Not sure any of them are valid reasons. What health info could get leaked? Unless you’re doing a GATTACA-type thing and needing their blood/pee/poop samples to log in to their terminal.
