Tokens are electronic devices or cards that supply a user's password for them. A token system can be used to supply either a static or a dynamic password. There is a big difference between the static and dynamic systems, a static system will normally log a user in but a dynamic system the user will often have to log themselves in.
Static Password Tokens:
The owner identity is authenticated by the token. This is done by the person who issues the token to the owner (normally the employer). The owner of the token is now authenticated by "something you have". The token authenticates the identity of the owner to the information system. An example of this occurring is when an employee swipes his or her smart card over an electronic lock to gain access to a store room.
Synchronous Dynamic Password Tokens:
This system is a lot more complex then the static token password. The synchronous dynamic password tokens generate new passwords at certain time intervals that are synched with the main system. The password is generated on a small device similar to a pager or a calculator that can often be attached to the user's key ring. Each password is only valid for a certain time period, typing in the wrong password in the wrong time period will invalidate the authentication. The time factor can also be the systems downfall. If a clock on the system or the password token device becomes out of synch, a user can have troubles authenticating themselves to the system.
Asynchronous Dynamic Password Tokens:
The clock synching problem is eliminated with asynchronous dynamic password tokens. This system works on the same principal as the synchronous one but it does not have a time frame. A lot of big companies use this system especially for employee's who may work from home on the companies VPN (Virtual private Network).
Challenge Response Tokens:
This is an interesting system. A user will be sent special "challenge" strings at either random or timed intervals. The user inputs this challenge string into their token device and the device will respond by generating a challenge response. The user then types this response into the system and if it is correct they are authenticated.
Reference(s) used for this question:
http://www.informit.com/guides/content.aspx?g=security&seqNum=146
and
KRUTZ, Ronald L. & VINES, Russel D The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37

ECB mode operates like a code book. A 64-bit data block is entered into the
algorithm with a key, and a block of ciphertext is produced. For a given block of plaintext and a
given key, the same block of ciphertext is always produced.
The security issue that comes up with using ECB mode is that each block will be encrypted with
the exact same key, and thus the exact same code book. So, two problems could happen, an
attacker could uncover the key and thus have the key to decrypt all the blocks of data, or an
attacker could gather the ciphertext and plaintext of each block and build the code book that was
used, without needing the key.
The following are incorrect answers:
Output Feedback (OFB)
Counter Mode (CTR)
Cipher Feedback (CFB)
The following reference(s) were/was used to create this question:
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 803). McGraw-Hill.
Kindle Edition.

Security testing makes sure the modified or new system includes appropriate
access controls and does not introduce any security holes that might compromise other systems.
Recovery testing checks the system's ability to recover after a software or hardware failure.
Stress/volume testing involves testing an application with large quantities of data in order to
evaluate performance during peak hours.
Interface testing evaluates the connection of two or more components that pass information from
one area to another.
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 300).

Explanation/Reference:
Explanation:
RSA, named after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman, is a public key algorithm that is the most popular when it comes to asymmetric algorithms. RSA is a worldwide de facto standard and can be used for digital signatures, key exchange, and encryption. It was developed in 1978 at MIT and provides authentication as well as key encryption.
One advantage of using RSA is that it can be used for encryption and digital signatures. Using its one-way function, RSA provides encryption and signature verification, and the inverse direction performs decryption and signature generation.
Incorrect Answers:
B: DES is a symmetric block encryption algorithm. It is not a public key algorithm.
C: IDEA is a symmetric block encryption algorithm. It is not a public key algorithm.
D: Diffie-Hellman is used for key distribution. It is not what is described in the question.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 815

Often, managerial computer system security policies are categorized
into three basic types:
Program policy used to create an organization's computer security
program
Issue-specific policies used to address specific issues of concern
to the organization
System-specific policies technical directives taken by management
to protect a particular system
Program policy and issue-specific policy both address policy from
a broad level, usually encompassing the entire organization. However,
they do not provide sufficient information or direction, for
example, to be used in establishing an access control list or in training users on what actions are permitted. System-specific policy fills this need. System-specific policy is much more focused, since it addresses
only one system.
Table A.1 helps illustrate the difference between these three types
of policies. Source: National Institute of Standards and Technology, An
Introduction to Computer Security: The NIST Handbook Special Publica-
tion 800-12.

image002