Which authentication technique BEST protects against hijacking?

A.
Static authentication

B.
Continuous authentication

C.
Robust authentication

D.
Strong authentication

Explanation:
There are three major types of authentication available: static, robust, and continuous. Static authentication
includes passwords and other techniques that can be compromised through replay attacks. They are oftencalled reusable passwords. Robust authentication involves the use of cryptography or other techniques to
create one-time passwords that are used to create sessions. These can be compromised by session hijacking.
Continuous authentication prevents session hijacking.
Continuous Authentication provides protection against impostors who can see, alter, and insert information
passed between the claimant and verifier even after the claimant/verifier authentication is complete. These are
typically referred to as active attacks, since they assume that the imposter can actively influence the connection
between claimant and verifier. One way to provide this form of authentication is to apply a digital signature
algorithm to every bit of data that is sent from the claimant to the verifier. There are other combinations of
cryptography that can provide this form of authentication but current strategies rely on applying some type of
cryptography to every bit of data sent. Otherwise, any unprotected bit would be suspect.
Incorrect Answers:
A: Static authentication only provides protection against attacks in which an imposter cannot see, insert or alter
the information passed between the claimant and the verifier during an authentication exchange and
subsequent session. Static authentication does not protect against hijacking.
C: Robust Authentication relies on dynamic authentication data that changes with each authenticated session
between a claimant and verifier. Robust or dynamic authentication does not protect against hijacking.
D: Strong authentication is not a specific authentication type; it is another term for multi-factor authentication.

http://www.windowsecurity.com/whitepapers/policy_and_standards/Internet_Security_Policy/
Internet_Security_Policy__Sample_Policy_Areas.html