- ISC.SSCP.v2024-05-23.q965 Practice Test
Question 71
__________ is a tool used by network administrators to capture packets from a network.
Correct Answer:
Question 72
Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet?
Correct Answer: A
Explanation/Reference:
SET was developed by a consortium including Visa and MasterCard.
Source: Harris, Shon, CISSP All In One Exam Guide, pages 668-669.
Mondex is a smart card electronic cash system owned by MasterCard.
SSH-2 is a secure, efficient, and portable version of SSH (Secure Shell) which is a secure replacement for telnet.
Secure HTTP is a secure message-oriented communications protocol designed for use in conjunction with HTTP. It is designed to coexist with HTTP's messaging model and to be easily integrated with HTTP applications.
Question 73
Cryptography does not concern itself with which of the following choices?
Correct Answer: D
The cryptography domain addresses the principles, means, and methods of disguising information to ensure its integrity, confidentiality, and authenticity. Unlike the other domains, cryptography does not completely support the standard of availability.
Availability
Cryptography supports all three of the core principles of information security. Many access control systems use cryptography to limit access to systems through the use of passwords. Many token-based authentication systems use cryptographic-based hash algorithms to compute one-time passwords. Denying unauthorized access prevents an attacker from entering and damaging the system or network, thereby denying access to authorized users if they damage or corrupt the data.
Confidentiality
Cryptography provides confidentiality through altering or hiding a message so that ideally it
cannot be understood by anyone except the intended recipient.
Integrity
Cryptographic tools provide integrity checks that allow a recipient to verify that a message
has not been altered. Cryptographic tools cannot prevent a message from being altered,
but they are effective to detect either intentional or accidental modification of the message.
Additional Features of Cryptographic Systems
In addition to the three core principles of information security listed above, cryptographic tools provide several more benefits.
Nonrepudiation
In a trusted environment, the authentication of the origin can be provided through the
simple control of the keys. The receiver has a level of assurance that the message was
encrypted by the sender, and the sender has trust that the message was not altered once it
was received. However, in a more stringent, less trustworthy environment, it may be
necessary to provide assurance via a third party of who sent a message and that the
message was indeed delivered to the right recipient. This is accomplished through the use
of digital signatures and public key encryption. The use of these tools provides a level of
nonrepudiation of origin that can be verified by a third party.
Once a message has been received, what is to prevent the recipient from changing the
message and contesting that the altered message was the one sent by the sender? The
nonrepudiation of delivery prevents a recipient from changing the message and falsely
claiming that the message is in its original state. This is also accomplished through the use
of public key cryptography and digital signatures and is verifiable by a trusted third party.
Authentication
Authentication is the ability to determine if someone or something is what it declares to be. This is primarily done through the control of the keys, because only those with access to the key are able to encrypt a message. This is not as strong as the nonrepudiation of origin, which will be reviewed shortly. Cryptographic functions use several methods to ensure that a message has not been changed or altered. These include hash functions, digital signatures, and message authentication codes (MACs). The main concept is that the recipient is able to detect any change that has been made to a message, whether accidentally or intentionally.
Access Control
Through the use of cryptographic tools, many forms of access control are supported, from log-ins via passwords and passphrases to the prevention of access to confidential files or messages. In all cases, access would only be possible for those individuals that had access to the correct cryptographic keys.
NOTE FROM CLEMENT:
As you have seen, this question was very recently updated with the latest content of the Official ISC2 Guide (OIG) to the CISSP CBK, Version 3.
Myself, I agree with most of you that cryptography does not help on the availability side and it is even the contrary sometimes, if you lose the key for example. In such a case you would lose access to the data and negatively impact availability. But the ISC2 is not about what I think or what you think; they have their own view of the world where they claim and state clearly that cryptography does address availability even though it does not fully address it. They look at crypto as the ever-encompassing tool it has become today, where it can be used for authentication purposes for example, where it would help to avoid corruption of the data through illegal access by an unauthorized user.
The question is worded this way on purpose; it is VERY specific to the CISSP exam context where ISC2 preaches that cryptography addresses availability even though they state it does not fully address it. This is something new in the last edition of their book and something you must be aware of.
Best regards
Clement
The following terms are from the Software Development Security domain:
Validation: The assurance that a product, service, or system meets the needs of the customer and other identified stakeholders. It often involves acceptance and suitability with external customers. Contrast with verification below.
Verification: The evaluation of whether or not a product, service, or system complies with a regulation, requirement, specification, or imposed condition. It is often an internal process. Contrast with validation.
Reference(s) used for this question:
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition: Cryptography (Kindle Locations 227-244). Kindle Edition.
and
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition: Cryptography (Kindle Locations 206-227). Kindle Edition.
and
http://en.wikipedia.org/wiki/Verification_and_validation
Question 74
Which of the following is a set of data processing elements that increases the performance in a computer by overlapping the steps of different instructions?
Correct Answer: A
Pipelining is a natural concept in everyday life, e.g. on an assembly line. Consider the assembly of a car: assume that certain steps in the assembly line are to install the engine, install the hood, and install the wheels (in that order, with arbitrary interstitial steps). A car on the assembly line can have only one of the three steps done at once. After the car has its engine installed, it moves on to having its hood installed, leaving the engine installation facilities available for the next car. The first car then moves on to wheel installation, the second car to hood installation, and a third car begins to have its engine installed. If engine installation takes 20 minutes, hood installation takes 5 minutes, and wheel installation takes 10 minutes, then finishing all three cars when only one car can be assembled at once would take 105 minutes. On the other hand, using the assembly line, the total time to complete all three is 75 minutes. At this point, additional cars will come off the assembly line at 20-minute increments, since the slowest stage bounds the throughput of the whole pipeline.
In computing, a pipeline is a set of data processing elements connected in series, so that the output of one element is the input of the next one. The elements of a pipeline are often executed in parallel or in time-sliced fashion; in that case, some amount of buffer storage is often inserted between elements. Pipelining is used in processors to allow overlapping execution of multiple instructions within the same circuitry. The circuitry is usually divided into stages, including instruction decoding, arithmetic, and register fetching stages, wherein each stage processes one instruction at a time.
The following were not correct answers:
CISC: is a CPU design where single instructions execute several low-level operations (such as a load from memory, an arithmetic operation, and a memory store) within a single instruction.
RISC: is a CPU design based on simplified instructions that can provide higher performance as the simplicity enables much faster execution of each instruction.
Multitasking: is a method where multiple tasks share common processing resources, such as a CPU, through a method of fast scheduling that gives the appearance of parallelism, but in reality only one task is being performed at any one time.
Reference:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, pages 188-189.
Also see
http://en.wikipedia.org/wiki/Pipeline_(computing)
Question 75
Which of the following control pairings places emphasis on "soft" mechanisms that support the access control objectives?
Correct Answer: B
Explanation/Reference:
Soft Control is another way of referring to Administrative control.
Technical and Physical controls are NOT soft control, so any choice listing them was not the best answer.
Preventative/Technical is incorrect because although access control can be a technical control, it is commonly not referred to as a "soft" control.
Preventative/Administrative is correct because access controls are preventative in nature. It is always best to prevent a negative event; however, there are times where controls might fail and you cannot prevent everything. Administrative controls are roles, responsibilities, policies, etc., which are usually paper based.
In the administrative category you would find audit, monitoring, and security awareness as well.
Preventative/Physical pairing is incorrect because access controls with an emphasis on "soft" mechanisms conflict with the basic concept of physical controls; physical controls are usually tangible objects such as fences, gates, door locks, sensors, etc.
Detective/Administrative pairing is incorrect because access control is a preventative control used to control access, not to detect violations of access.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.