A Synchronous token generates a one-time password that is only valid for a short period of time. Once the password is used it is no longer valid, and it expires if not entered in the acceptable time frame.
The following answers are incorrect:
Variable callback system. Although variable callback systems are more flexible than fixed callback systems, the system assumes the identity of the individual unless two-factor authentication is also implemented. By itself, this method might allow an attacker access as a trusted user.
Fixed callback system. Authentication provides assurance that someone or something is who or what he/it is supposed to be. Callback systems authenticate a person, but anyone can pretend to be that person. They are tied to a specific place and phone number, which can be spoofed by implementing call-forwarding.
Combination of callback and Caller ID. The caller ID and callback functionality provides greater confidence and auditability of the caller's identity. By disconnecting and calling back only authorized phone numbers, the system has a greater confidence in the location of the call. However, unless combined with strong authentication, any individual at the location could obtain access.
The following reference(s) were/was used to create this question:
Shon Harris AIO v3 p. 140, 548
ISC2 OIG 2007 p. 152-153, 126-127

Access controls that are not based on the policy are characterized as discretionary controls by the US government and as need-to-know controls by other organizations. The latter term connotes least privilege - those who may read an item of data are precisely those whose tasks entail the need.

Explanation

Explanation/Reference:
Explanation:
Support for two pairs of public-private keys is a fundamental requirement for some PKIs. One key pair is for data encryption and the other key pair is for digitally signing documents.
When digitally signing a message for non-repudiation, the private key is used. The public key (with the key usage attribute "non-repudiation") associated with the private key is used to verify the signed messages.
Incorrect Answers:
A: An X.509 public key certificate with the key usage attribute "non-repudiation" cannot be used for encrypting messages.
B: When digitally signing a message for non-repudiation, the private key is used, not the public key.
D: An X.509 public key certificate with the key usage attribute "non-repudiation" cannot be used for decrypting messages.
References:
https://docs.oracle.com/cd/E13215_01/wlibc/docs81/admin/certificates.html