(ISC)2 Certified in Cybersecurity Practice Exam

Which method is used to verify the identity of a user in a biometric system?

• A. Knowledge-based authentication
• B. Token-based authentication
• C. Physiological data matching
• D. SSH key authentication

The correct answer is: Physiological data matching

The correct answer is physiological data matching, as it directly relates to how biometric systems function. In biometric authentication, the identity of a user is verified by analyzing unique physiological traits, such as fingerprints, facial features, or iris patterns. This method is based on the premise that certain physical characteristics are unique to each individual and can be reliably used to confirm someone’s identity. When a user attempts to gain access to a system, their biometric data is captured and compared to stored templates of previously registered users. If the captured data matches one of the stored templates, the user is authenticated. This process is crucial because it relies on biological information, which is inherently more difficult to replicate or steal compared to knowledge-based or token-based methods. Knowledge-based authentication involves verifying a user's identity through something they know, such as passwords or answers to security questions, while token-based authentication relies on physical devices or tokens issued to the user. SSH key authentication utilizes cryptographic keys to ensure secure access. While these methods provide secure means of authentication, they don't involve the biological verification that defines biometric systems. Physiological data matching is key to the effectiveness and security of biometric systems, making it the most fitting choice in this context.