A privacy engineer advises that multifactor authentication be used to log into a system containing personal data. Which of the following would be acceptable?
A.
Fingerprint scanning and then iris scanning.
B.
Facial recognition and then entering a PIN.
C.
Plugging in a smart card and then verifying a code sent to a mobile device.
D.
Entering a password and then answering a security question tied to the person.
both A and D options are from same categories 'what you are' and 'what you know' respectively.
multifactor authentication should have 2 factors from two different categories. B is what you are + what you know but C is the better answer because (from textbook): "The key is that the two factors should proceed through independent channels, such as a password combined with a one-time temporary security code sent via a text message (SMS)."
ACTUALLY I read again and maybe B not C becasue C is actually both things you have (smart card and phone), whereas B is two categories (facial recognition - something you are) and (PIN something you know)
C. Plugging in a smart card and then verifying a code sent to a mobile device.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
waterdogs
2 months, 2 weeks agowaterdogs
2 months agoSsourav
3 months, 1 week ago