Explanation/Reference:
Explanation:
Masquerading is the term used when one user pretends to be another user. Strong authentication is the best defense against this.
Authentication is based on the following three factor types:
Type 1. Something you know, such as a PIN or password

Type 2. Something you have, such as an ATM card or smart card

Type 3. Something you are (physically), such as a fingerprint or retina scan

Biometrics verifies an individual's identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of verifying identification.
A biometric authentication such as a fingerprint cannot be imitated which makes biometrics the best defense against masquerading attacks.
Incorrect Answers:
A: A user Id and password can be guessed by an attacker. This is not the best identification and authentication method to prevent local masquerading attacks.
B: A smart card can be stolen and the PIN guessed by an attacker. This is not the best identification and authentication method to prevent local masquerading attacks.
C: Two-factor authentication is more secure than other methods but still less secure than biometrics. Two- factor authentication could comprise of "something you have" and "something you know". The "something you have" such as a smart card could be stolen by an attacker and the "something you know" such as a PIN could be guessed. This is not the best identification and authentication method to prevent local masquerading attacks.
References:
Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 57
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 187

The goal of a noninterference model is to strictly separate differing security levels to assure that higher-level actions do not determine what lower-level users can see.
This is in contrast to other security models that control information flows between differing levels of users, By maintaining strict separation of security levels, a noninterference model minimizes leakages that might happen through a covert channel.
The Bell-LaPadula model is incorrect. The Bell-LaPadula model is concerned with confidentiality and bases access control decsions on the classfication of objects and the clearences of subjects.
The information flow model is incorrect. The information flow models have a similar framework to the Bell-LaPadula model and control how information may flow between objects based on security classes.
The Biba model is incorrect. The Biba model is concerned with integrity and is a complement to the Bell-LaPadula model in that higher levels of integrity are more trusted than lower levels. Access control us based on these integrity levels to assure that read/write operations do not decrease an object's integrity.
References:
CBK, pp 325 - 326
AIO3, pp. 290 - 291

The Maximum Tolerable Downtime (MTD) is the maximum length of time a BUSINESS FUNCTION can endure without being restored, beyond which the BUSINESS is no longer viable
NIST SAYS: The ISCP Coordinator should analyze the supported mission/business processes and with the process owners, leadership and business managers determine the acceptable downtime if a given process or specific system data were disrupted or otherwise unavailable. Downtime can be identified in several ways.
Maximum Tolerable Downtime (MTD). The MTD represents the total amount of time the system owner/authorizing official is willing to accept for a mission/business process outage or disruption and includes all impact considerations. Determining MTD is important because it could leave contingency planners with imprecise direction on selection of an appropriate recovery method, and the depth of detail which will be required when developing recovery procedures, including their scope and content.
Other BCP and DRP terms you must be familiar with are: Recovery Time Objective (RTO). RTO defines the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business processes, and the MTD. Determining the information system resource RTO is important for selecting appropriate technologies that are best suited for meeting the MTD. When it is not feasible to immediately meet the RTO and the MTD is inflexible, a Plan of Action and Milestone should be initiated to document the situation and plan for its mitigation.
Recovery Point Objective (RPO). The RPO represents the point in time, prior to a disruption or system outage, to which mission/business process data can be recovered (given the most recent backup copy of the data) after an outage. Unlike RTO, RPO is not considered as part of MTD. Rather, it is a factor of how much data loss the mission/business process can tolerate during the recovery process. Because the RTO must ensure that the MTD is not exceeded, the RTO must normally be shorter than the MTD. For example, a system outage may prevent a particular process from being completed, and because it takes time to reprocess the data, that additional processing time must be added to the RTO to stay within the time limit established by the MTD.
References used for this question: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Page 276. and http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1_errata-Nov11-2010.pdf

From the official Guide, second edition: Bell LaPadula is a Security Model.
"In general, most security models will focus on defining allowed interactions between subjects
(active parties) and objects (passive parties) at a particular moment in time."
The remaining three listed would all be classifed as frameworks.
"Multiple frameworks and methodologies have been created to support security, auditing, and risk
assessment of implemented security controls. These resources are valuable to assist in the design
and testing of a security program. The following frameworks and methodologies have each gained
a degree of acceptance within the auditing or information security community and assist with information security and auditing. Although the origins of several of them were not specifically designed to support information security, many of the processes within these practices help security professionals identify and implement controls in support of confidentiality, integrity, and availability." The following reference(s) were/was used to create this question: Tipton, Harold F. (2010-04-20). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) Chapter 3, Information Security Governance and Risk Management, Pages 514-516