B
A Synchronous token generates a one-time password that is only valid for a short period of time. Once the password is used it is no longer valid, and it expires if not entered in the acceptable time frame. The following answers are incorrect: Variable callback system. Although variable callback systems are more flexible than fixed callback systems, the system assumes the identity of the individual unless two-factor authentication is also implemented.By itself, this method might allow an attacker access as a trusted user. Fixed callback system. Authentication provides assurance that someone or something is who or what he/it is supposed to be. Callback systems authenticate a person, but anyone can pretend to be that person. They are tied to a specific place and phone number, which can be spoofed by implementing call-forwarding. Combination of callback and Caller ID.The caller ID and callback functionality provides greater confidence and auditability of the caller`s identity.By disconnecting and calling back only authorized phone numbers, the system has a greater confidence in the location of the call.However, unless combined with strong authentication, any individual at the location could obtain access. The following reference(s) were/was used to create this question: Shon Harris AIO v3 p. 140, 548 - ISC2 OIG 2007 p. 152-153, 126-127