What are the two mechanisms that can be employed to address threats of user identity spoofing?

What are the two mechanisms that can be employed to address threats of user identity spoofing?

A.
Access Control Lists (ACLs) and access control to storage objects

B.
Access control to storage objects and storage access monitoring

C.
User authentication and Information Rights Management (IRM)

D.
User authentication and user authorization