312-50V10 · Question #173
By using a smart card and pin, you are using a two-factor authentication that satisfies
The correct answer is B. Something you have and something you know. A smart card satisfies 'something you have' and a PIN satisfies 'something you know,' making this combination a classic two-factor authentication pairing of possession and knowledge factors.
Question
By using a smart card and pin, you are using a two-factor authentication that satisfies
Options
- ASomething you know and something you are
- BSomething you have and something you know
- CSomething you have and something you are
- DSomething you are and something you remember
How the community answered
(31 responses)- A3% (1)
- B94% (29)
- D3% (1)
Why each option
A smart card satisfies 'something you have' and a PIN satisfies 'something you know,' making this combination a classic two-factor authentication pairing of possession and knowledge factors.
'Something you are' refers to a biometric inherence factor such as a fingerprint or iris scan, not a PIN, which is a knowledge-based credential.
A smart card is a physical token that satisfies the possession factor ('something you have'), and a PIN is a memorized secret that satisfies the knowledge factor ('something you know'). This pairing is the standard model for PIV/CAC authentication and meets the two-factor requirement by combining two distinct, independent authentication categories.
A PIN is not a biometric factor and does not satisfy 'something you are' - it is purely a knowledge-based secret, making this pairing incorrect.
'Something you remember' is not a recognized standard authentication factor category - the three accepted factors are something you know, something you have, and something you are.
Concept tested: Multi-factor authentication factor categories and smart card use
Source: https://csrc.nist.gov/publications/detail/sp/800-63/3/final
Topics
Community Discussion
No community discussion yet for this question.