PrepAway - Latest Free Exam Questions & Answers


How can an individual/person BEST be identified or authenticated to prevent local masquerading attacks?


A. User Id and password

B. Smart card and PIN code

C. Two-factor authentication

D. Biometrics

Explanation:
Masquerading is the term used when one user pretends to be another user. Strong authentication is the best
defense against this.
Authentication is based on the following three factor types:
Type 1. Something you know, such as a PIN or password
Type 2. Something you have, such as an ATM card or smart card
Type 3. Something you are (physically), such as a fingerprint or retina scan
Biometrics verifies an individual’s identity by analyzing a unique personal attribute or behavior, which is one of
the most effective and accurate methods of verifying identification.
A biometric authentication such as a fingerprint cannot be imitated which makes biometrics the best defense
against masquerading attacks.
Incorrect Answers:
A: A user Id and password can be guessed by an attacker. This is not the best identification and authentication
method to prevent local masquerading attacks.
B: A smart card can be stolen and the PIN guessed by an attacker. This is not the best identification and
authentication method to prevent local masquerading attacks.
C: Two-factor authentication is more secure than other methods but still less secure than biometrics. Two-factor authentication could consist of “something you have” and “something you know”. The “something you
have” such as a smart card could be stolen by an attacker and the “something you know” such as a PIN could
be guessed. This is not the best identification and authentication method to prevent local masquerading
attacks.

Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 57
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 187

