Topic 1: Access Control
Which type of password provides maximum security because a new password is required for each new log-on?
A. One-time or dynamic password
B. Cognitive password
C. Static password
D. Passphrase
Answer: One-time or dynamic password
A one-time password provides maximum security because a new password is required for each new log-on.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36.
How would nonrepudiation best be classified?
A. A preventive control
B. A logical control
C. A corrective control
D. A compensating control
Answer: A preventive control
System accountability depends on the ability to ensure that senders cannot deny sending information and that receivers cannot deny receiving it. Because the mechanisms implemented for nonrepudiation prevent a party from successfully repudiating an action, nonrepudiation can be considered a preventive control.
Source: STONEBURNER, Gary, NIST Special Publication 800-33: Underlying Technical Models for Information Technology Security, National Institute of Standards and Technology, December 2001, page 7.
Which of the following classes is the first (lowest) level defined in the TCSEC (Orange Book) as mandatory protection?
A. B
B. A
C. C
D. D
Answer: B
The B level is the first Mandatory Access Control level.
First published in 1983 and updated in 1985, the TCSEC, frequently referred to as the Orange Book, was a United States Government Department of Defense (DoD) standard that set basic standards for the implementation of security protections in computing systems. Primarily intended to help the DoD find products that met those basic standards, the TCSEC was used to evaluate, classify, and select computer systems being considered for the processing, storage, and retrieval of sensitive or classified information on military and government systems. As such, it was strongly focused on enforcing confidentiality, with no focus on other aspects of security such as integrity or availability. Although it has since been superseded by the Common Criteria, it influenced the development of other product evaluation criteria, and some of its basic approach and terminology continue to be used.
Reference used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 17920-17926). Auerbach Publications. Kindle Edition.
and
THE source for all TCSEC "level" questions:
http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt (paragraph 3 for this one)
Which of the following is NOT true of the Kerberos protocol?
A. Only a single login is required per session.
B. The initial authentication steps are done using a public key algorithm.
C. The KDC is aware of all systems in the network.
D. It performs mutual authentication.
Answer: The initial authentication steps are done using a public key algorithm.
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. It has the following characteristics:
It is secure: it never sends a password unless it is encrypted.
Only a single login is required per session. Credentials defined at login are then passed between resources without the need for additional logins.
The concept depends on a trusted third party – a Key Distribution Center (KDC). The KDC is aware of all systems in the network and is trusted by all of them.
It performs mutual authentication, where a client proves its identity to a server and a server proves its identity to the client.
Kerberos introduces the concept of a Ticket-Granting Server/Service (TGS). A client that wishes to use a service has to receive a ticket from the TGS – a ticket is a time-limited cryptographic message – giving it access to the server. Kerberos also requires an Authentication Server (AS) to verify clients. The two servers combined make up a KDC.
Within the Windows environment, Active Directory performs the functions of the KDC. The following steps show the sequence of events required for a client to gain access to a service using Kerberos authentication. Each step is shown with the Kerberos message associated with it, as defined in RFC 4120 “The Kerberos Network Authentication Service (V5)”.
Kerberos Authentication Step by Step
Step 1: The user logs on to the workstation and requests service on the host. The workstation sends a message to the Authentication Server requesting a ticket-granting ticket (TGT).
Step 2: The Authentication Server verifies the user’s access rights in the user database and creates a TGT and session key. The Authentication Server encrypts the results using a key derived from the user’s password and sends a message back to the user workstation. The workstation prompts the user for a password and uses the password to decrypt the incoming message. When decryption succeeds, the user will be able to use the TGT to request a service ticket.
Step 3: When the user wants access to a service, the workstation client application sends a request to the Ticket Granting Service containing the client name, realm name and a timestamp. The user proves his identity by sending an authenticator encrypted with the session key received in Step 2.
Step 4: The TGS decrypts the ticket and authenticator, verifies the request, and creates a ticket for the requested server. The ticket contains the client name and optionally the client IP address. It also contains the realm name and ticket lifespan. The TGS returns the ticket to the user workstation. The returned message contains two copies of a server session key – one encrypted with the client password, and one encrypted with the service password.
Step 5: The client application now sends a service request to the server containing the ticket received in Step 4 and an authenticator. The service authenticates the request by decrypting the session key. The server verifies that the ticket and authenticator match, and then grants access to the service. This step as described does not include the authorization performed by the Intel AMT device, as described later.
Step 6: If mutual authentication is required, then the server will reply with a server authentication message.
The Kerberos server knows "secrets" (encrypted passwords) for all clients and servers under its control, or it is in contact with other secure servers that have this information. These "secrets" are used to encrypt all of the messages exchanged in the steps above.
To prevent "replay attacks," Kerberos uses timestamps as part of its protocol definition. For timestamps to work properly, the clocks of the client and the server need to be in sync as much as possible. In other words, both computers need to be set to the same time and date. Since the clocks of two computers are often out of sync, administrators can establish a policy that sets the maximum acceptable difference between a client's clock and a server's clock that Kerberos will tolerate. If the difference between a client's clock and the server's clock is less than the maximum time difference specified in this policy, any timestamp used in a session between the two computers will be considered authentic. The maximum difference is usually set to five minutes.
Note that if a client application wishes to use a service that is "Kerberized" (the service is configured to perform Kerberos authentication), the client must also be Kerberized so that it can produce and process the necessary protocol messages.
For more information about Kerberos, see http://web.mit.edu/kerberos/www/.
References:
Introduction to Kerberos Authentication from Intel
and
http://www.zeroshell.net/eng/kerberos/Kerberos-definitions/#1.3.5.3 and
http://www.ietf.org/rfc/rfc4120.txt
Which of the following is not a preventive login control?
A. Last login message
B. Password aging
C. Minimum password length
D. Account expiration
Answer: Last login message
The last login message displays the last login date and time, allowing a user to discover if their account was used by someone else. Hence, this is rather a detective control.
Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, July 1992 (page 63).
What does the * (star) property mean in the Bell-LaPadula model?
A. No write up
B. No read up
C. No write down
D. No read down
Answer: No write down
The * (star) property of the Bell-LaPadula access control model states that writing of information by a subject at a higher level of sensitivity to an object at a lower level of sensitivity is not permitted (no write down).
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architectures and Models (page 202).
Also check out: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 5: Security Models and Architecture (pages 242, 243).
Which of the following would constitute the best example of a password to use for access to a system by a network administrator?
A. holiday
B. Christmas12
C. Jenny
D. GyN19Za!
Answer: GyN19Za!
GyN19Za! would be the best answer because it contains a mixture of upper and lower case characters, alphabetic and numeric characters, and a special character, making it less vulnerable to password attacks.
All of the other answers are incorrect because they are vulnerable to brute force or dictionary attacks. Passwords should not be common words or names. The addition of a number to the end of a common word only marginally strengthens it, because a common password attack would also check combinations of words and numbers such as:
Christmas23
Christmas123, etc.
Which of the following is not a security goal for remote access?
A. Reliable authentication of users and systems
B. Protection of confidential data
C. Easy to manage access control to systems and network resources
D. Automated login for remote users
Answer: Automated login for remote users
An automated login function for remote users would imply weak authentication, and is thus certainly not a security goal.
Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition, volume 2, 2001, CRC Press, Chapter 5: An Introduction to Secure Remote Access (page 100).
Sensitivity labels are an example of what application control type?
A. Preventive security controls
B. Detective security controls
C. Compensating administrative controls
D. Preventive accuracy controls
Answer: Preventive security controls
Sensitivity labels are a preventive security application control, as are firewalls, reference monitors, traffic padding, encryption, data classification, one-time passwords, contingency planning, and separation of development, application and test environments.
The incorrect answers are:
Detective security controls - Intrusion detection systems (IDS), monitoring activities, and audit trails.
Compensating administrative controls - There is no such application control type.
Preventive accuracy controls - data checks, forms, custom screens, validity checks, contingency planning, and backups.
Sources:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 264).
KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Application Controls, Figure 7.1 (page 360).
What refers to legitimate users accessing networked services that would normally be restricted to them?
A. Spoofing
B. Piggybacking
C. Eavesdropping
D. Logon abuse
Answer: Logon abuse
Unauthorized access to restricted network services by the circumvention of security access controls is known as logon abuse. This type of abuse refers to users who may be internal to the network but access resources they would not normally be allowed to use.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 74).