An access control list

"It [ACL] specifies a list of users [subjects] who are allowed access to each
object" CBK, p. 188
A capability table is incorrect. "Capability tables are used to track, manage and apply
controls based on the object and rights, or capabilities of a subject. For example, a table
identifies the object, specifies access rights allowed for a subject, and permits access
based on the user's posession of a capability (or ticket) for the object." CBK, pp. 191-192.
The distinction that makes this an incorrect choice is that access is based on posession of a capability by the subject.
To put it another way, as noted in AIO3 on p. 169, "A capabiltiy table is different from an
ACL because the subject is bound to the capability table, whereas the object is bound to
the ACL."
An access control matrix is incorrect. The access control matrix is a way of describing the
rules for an access control strategy. The matrix lists the users, groups and roles down the
left side and the resources and functions across the top. The cells of the matrix can either indicate that access is allowed or indicate the type of access. CBK pp 317 - 318.
AIO3, p. 169 describes it as a table if subjects and objects specifying the access rights a
certain subject possesses pertaining to specific objects.
In either case, the matrix is a way of analyzing the access control needed by a population
of subjects to a population of objects. This access control can be applied using rules,
ACL's, capability tables, etc.
A role-based matrix is incorrect. Again, a matrix of roles vs objects could be used as a tool
for thinking about the access control to be applied to a set of objects. The results of the
analysis could then be implemented using RBAC.                                                                                             References:
CBK, Domain 2: Access Control.
AIO3, Chapter 4: Access Control

Detective/technical

The detective/technical control measures are intended to reveal the
violations of security policy using technical means.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 35. 

They are vulnerable to non-adversarial disturbances.

Vibration sensors are similar and are also implemented to detect forced
entry. Financial institutions may choose to implement these types of sensors on exterior
walls, where bank robbers may attempt to drive a vehicle through. They are also commonly
used around the ceiling and flooring of vaults to detect someone trying to make an
unauthorized bank withdrawal. Such sensors are proned to false positive. If there is a large truck with heavy equipment
driving by it may trigger the sensor. The same with a storm with thunder and lighting, it may
trigger the alarm even thou there are no adversarial threat or disturbance.
The following are incorrect answers:
All of the other choices are incorrect.
Reference                                                                                                                                                             used for this question:
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (pp. 495-496).
McGraw-Hill . Kindle Edition.

Public key certificate

In cryptography, a public key certificate (or identity certificate) is an electronic
document which incorporates a digital signature to bind together a public key with an
identity — information such as the name of a person or an organization, their address, and
so forth. The certificate can be used to verify that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate
authority (CA). In a web of trust scheme, the signature is of either the user (a self-signed
certificate) or other users ("endorsements"). In either case, the signatures on a certificate
are attestations by the certificate signer that the identity information and the public key
belong together.
In computer security, an authorization certificate (also known as an attribute certificate) is a digital document that describes a written permission from the issuer to use a service or a
resource that the issuer controls or has access to use. The permission can be delegated.
Some people constantly confuse PKCs and ACs. An analogy may make the distinction
clear. A PKC can be considered to be like a passport: it identifies the holder, tends to last
for a long time, and should not be trivial to obtain. An AC is more like an entry visa: it is
typically issued by a different authority and does not last for as long a time. As acquiring an
entry visa typically requires presenting a passport, getting a visa can be a simpler process.
A real life example of this can be found in the mobile software deployments by large service providers and are typically applied to platforms such as Microsoft Smartphone (and
related), Symbian OS, J2ME, and others.
In each of these systems a mobile communications service provider may customize the
mobile terminal client distribution (ie. the mobile phone operating system or application
environment) to include one or more root certificates each associated with a set of
capabilities or permissions such as "update firmware", "access address book", "use radio
interface", and the most basic one, "install and execute". When a developer wishes to
enable distribution and execution in one of these controlled environments they must
acquire a certificate from an appropriate CA, typically a large commercial CA, and in the
process they usually have their identity verified using out-of-band mechanisms such as a  combination of phone call, validation of their legal entity through government and
commercial databases, etc., similar to the high assurance SSL certificate vetting process,
though often there are additional specific requirements imposed on would-be
developers/publishers.
Once the identity has been validated they are issued an identity certificate they can use to sign their software; generally the software signed by the developer or publisher's identity
certificate is not distributed but rather it is submitted to processor to possibly test or profile
the content before generating an authorization certificate which is unique to the particular
software release. That certificate is then used with an ephemeral asymmetric key-pair to
sign the software as the last step of preparation for distribution. There are many
advantages to separating the identity and authorization certificates especially relating to
risk mitigation of new content being accepted into the system and key management as well
as recovery from errant software which can be used as attack vectors.                                                   References:
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 2001, McGraw-Hill/Osborne,
page 540.
http://en.wikipedia.org/wiki/Attribute_certificate
http://en.wikipedia.org/wiki/Public_key_certificate

Clark-Wilson model

The Clark-Wilson model uses separation of duties, which divides an
operation into different parts and requires different users to perform each part. This
prevents authorized users from making unauthorized modifications to data, thereby
protecting its integrity.
The Clark-Wilson integrity model provides a foundation for specifying and analyzing an
integrity policy for a computing system.
The model is primarily concerned with formalizing the notion of information integrity.
Information integrity is maintained by preventing corruption of data items in a system due to either error or malicious intent. An integrity policy describes how the data items in the
system should be kept valid from one state of the system to the next and specifies the
capabilities of various principals in the system. The model defines enforcement rules and
certification rules.
The model’s enforcement and certification rules define data items and processes that
provide the basis for an integrity policy. The core of the model is based on the notion of a
transaction.
A well-formed transaction is a series of operations that transition a system from one
consistent state to another consistent state.
In this model the integrity policy addresses the integrity of the transactions.
The principle of separation of duty requires that the certifier of a transaction and the
implementer be different entities. The model contains a number of basic constructs that represent both data items and
processes that operate on those data items. The key data type in the Clark-Wilson model is
a Constrained Data Item (CDI). An Integrity Verification Procedure (IVP) ensures that all
CDIs in the system are valid at a certain state. Transactions that enforce the integrity policy
are represented by Transformation Procedures (TPs). A TP takes as input a CDI or
Unconstrained Data Item (UDI) and produces a CDI. A TP must transition the system from
one valid state to another valid state. UDIs represent system input (such as that provided
by a user or adversary). A TP must guarantee (via certification) that it transforms all
possible values of a UDI to a “safe” CDI. In general, preservation of data integrity has three goals:
Prevent data modification by unauthorized parties
Prevent unauthorized data modification by authorized parties
Maintain internal and external consistency (i.e. data reflects the real world)
Clark-Wilson addresses all three rules but BIBA addresses only the first rule of intergrity              References:                                                                                                                                                   HARRIS, Shon, All-In-One CISSP Certification Fifth Edition, McGraw-Hill/Osborne, Chapter
5: Security Architecture and Design (Page 341-344).
and
http://en.wikipedia.org/wiki/Clark-Wilson_model

 traffic padding

Traffic padding is a countermeasure to traffic analysis.
Even if perfect cryptographic routines are used, the attacker can gain knowledge of the
amount of traffic that was generated. The attacker might not know what Alice and Bob were
talking about, but can know that they were talking and how much they talked. In certain
circumstances this can be very bad. Consider for example when a military is organising a
secret attack against another nation: it may suffice to alert the other nation for them toknow merely that there is a lot of secret activity going on.
As another example, when encrypting Voice Over IP streams that use variable bit rate
encoding, the number of bits per unit of time is not obscured, and this can be exploited to
guess spoken phrases.
Padding messages is a way to make it harder to do traffic analysis. Normally, a number of
random bits are appended to the end of the message with an indication at the end how
much this random data is. The randomness should have a minimum value of 0, a maximum
number of N and an even distribution between the two extremes. Note, that increasing 0does not help, only increasing N helps, though that also means that a lower percentage of
the channel will be used to transmit real data. Also note, that since the cryptographic
routine is assumed to be uncrackable (otherwise the padding length itself is crackable), it
does not help to put the padding anywhere else, e.g. at the beginning, in the middle, or in a
sporadic manner.
The other answers are all techniques used to do Penetration Testing.                                                           References:                                                                                                                                                           KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, pages 233, 238.
and
https://secure.wikimedia.org/wikipedia/en/wiki/Padding_%28cryptography%29#Traffic_anal
ysis

Synchronous dynamic password tokens

Synchronous dynamic password tokens generate a new unique password
value at fixed time intervals, so the server and token need to be synchronized for the
password to be accepted.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control
systems (page 37).
Also check out: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-
Hill/Osborne, 2002, chapter 4: Access Control (page 136).

A trusted third-party authentication protocol.

Is correct because that is exactly what Kerberos is.
The following answers are incorrect:
A three-headed dog from Egyptian mythology. Is incorrect because we are dealing with
Information Security and not the Egyptian mythology but the Greek Mythology.
A security model. Is incorrect because Kerberos is an authentication protocol and not just a
security model.
A remote authentication dial in user server. Is incorrect because Kerberos is not a remote
authentication dial in user server that would be called RADIUS.

Biometrics

The only way to be truly positive in authenticating identity for access is to
base the authentication on the physical attributes of the persons themselves (i.e., biometric
identification). Physical attributes cannot be shared, borrowed, or duplicated. They ensure
that you do identify the person, however they are not perfect and they would have to be
supplemented by another factor.
Some people are getting thrown off by the term Masquarade. In general, a masquerade is
a disguise. In terms of communications security issues, a masquerade is a type of attack
where the attacker pretends to be an authorized user of a system in order to gain access to
it or to gain greater privileges than they are authorized for. A masquerade may be attempted through the use of stolen logon IDs and passwords, through finding security
gaps in programs, or through bypassing the authentication mechanism. Spoofing is anotherterm used to describe this type of attack as well.
A UserId only provides for identification.
A password is a weak authentication mechanism since passwords can be disclosed,
shared, written down, and more.
A smart card can be stolen and its corresponding PIN code can be guessed by an intruder.
A smartcard can be borrowed by a friend of yours and you would have no clue as to who is
really logging in using that smart card.
Any form of two-factor authentication not involving biometrics cannot be as reliable as a
biometric system to identify the person.
Biometric identifying verification systems control people. If the person with the correct
hand, eye, face, signature, or voice is not present, the identification and verification cannot take place and the desired action (i.e., portal passage, data, or resource access) does not
occur.
As has been demonstrated many times, adversaries and criminals obtain and successfully
use access cards, even those that require the addition of a PIN. This is because these
systems control only pieces of plastic (and sometimes information), rather than people.
Real asset and resource protection can only be accomplished by people, not cards and
information, because unauthorized persons can (and do) obtain the cards and information.
Further, life-cycle costs are significantly reduced because no card or PIN administration
system or personnel are required. The authorized person does not lose physical
characteristics (i.e., hands, face, eyes, signature, or voice), but cards and PINs are
continuously lost, stolen, or forgotten. This is why card access systems require systems
and people to administer, control, record, and issue (new) cards and PINs. Moreover, the take place and the desired action (i.e., portal passage, data, or resource access) does not
occur.
As has been demonstrated many times, adversaries and criminals obtain and successfully
use access cards, even those that require the addition of a PIN. This is because these
systems control only pieces of plastic (and sometimes information), rather than people.
Real asset and resource protection can only be accomplished by people, not cards and
information, because unauthorized persons can (and do) obtain the cards and information.
Further, life-cycle costs are significantly reduced because no card or PIN administration
system or personnel are required. The authorized person does not lose physical
characteristics (i.e., hands, face, eyes, signature, or voice), but cards and PINs are
continuously lost, stolen, or forgotten. This is why card access systems require systems
and people to administer, control, record, and issue (new) cards and PINs. Moreover, thetake place and the desired action (i.e., portal passage, data, or resource access) does not
occur.
As has been demonstrated many times, adversaries and criminals obtain and successfully
use access cards, even those that require the addition of a PIN. This is because these
systems control only pieces of plastic (and sometimes information), rather than people.
Real asset and resource protection can only be accomplished by people, not cards and
information, because unauthorized persons can (and do) obtain the cards and information.
Further, life-cycle costs are significantly reduced because no card or PIN administration
system or personnel are required. The authorized person does not lose physical
characteristics (i.e., hands, face, eyes, signature, or voice), but cards and PINs are
continuously lost, stolen, or forgotten. This is why card access systems require systems
and people to administer, control, record, and issue (new) cards and PINs. Moreover, the cards are an expensive and recurring cost.
NOTE FROM CLEMENT:
This question has been generating lots of interest. The keyword in the question is:
Individual (the person) and also the authenticated portion as well.
I totally agree with you that Two Factors or Strong Authentication would be the strongest
means of authentication. However the question is not asking what is the strongest mean of
authentication, it is asking what is the best way to identify the user (individual) behind the
technology. When answering questions do not make assumptions to facts not presented in the question or answers.
Nothing can beat Biometrics in such case. You cannot lend your fingerprint and pin to
someone else, you cannot borrow one of my eye balls to defeat the Iris or Retina scan.
This is why it is the best method to authenticate the user.
I think the reference is playing with semantics and that makes it a bit confusing. I have
improved the question to make it a lot clearer and I have also improve the explanations
attached with the question.
The reference mentioned above refers to authenticating the identity for access. So the
distinction is being made that there is identity and there is authentication. In the case of
physical security the enrollment process is where the identity of the user would be validated
and then the biometrics features provided by the user would authenticate the user on a one
to one matching basis (for authentication) with the reference contained in the database of
biometrics templates. In the case of system access, the user might have to provide a
username, a pin, a passphrase, a smart card, and then provide his biometric attributes.Biometric can also be used for Identification purpose where you do a one to many match.
You take a facial scan of someone within an airport and you attempt to match it with a large
database of known criminal and terrorists. This is how you could use biometric for
Identification.
There are always THREE means of authentication, they are:
Something you know (Type 1)
Something you have (Type 2)
Something you are (Type 3)                                                                                                                                    Reference(s) used for this question:
TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th
edition (volume 1) , 2000, CRC Press, Chapter 1, Biometric Identification (page 7).
and
Search Security at http://searchsecurity.techtarget.com/definition/masquerade

Authentication

Biometric devices can be use for either IDENTIFICATION or
AUTHENTICATION
ONE TO ONE is for AUTHENTICATION
This means that you as a user would provide some biometric credential such as your
fingerprint. Then they will compare the template that you have provided with the one stored
in the Database. If the two are exactly the same that prove that you are who you pretend to
be.
ONE TO MANY is for IDENTIFICATION
A good example of this would be within airport. Many airports today have facial recognition
cameras, as you walk through the airport it will take a picture of your face and then
compare the template (your face) with a database full of templates and see if there is a
match between your template and the ones stored in the Database. This is for IDENTIFICATION of a person.
Some additional clarification or comments that might be helpful are: Biometrics establish
authentication using specific information and comparing results to expected data. It does
not perform well for identification purposes such as scanning for a person's face in a
moving crowd for example.
Identification methods could include: username, user ID, account number, PIN, certificate,
token, smart card, biometric device or badge.
Auditing is a process of logging or tracking what was done after the identity and
authentication process is completed.
Authorization is the rights the subject is given and is performed after the identity is
established                                                                                                                                                            Reference OIG (2007) p148, 167                                                                                                            Authentication in biometrics is a "one-to-one" search to verify claim to an identity made by
a person.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 38.