nerdexam
(ISC)2

CAP · Question #130

An authentication method uses smart cards as well as usernames and passwords for authentication. Which of the following authentication methods is being referred to?

The correct answer is B. Multi-factor. Using both a smart card (something you have) and a username/password (something you know) constitutes multi-factor authentication because it combines two distinct authentication factors.

Selection and Approval of Framework, Security, and Privacy Controls

Question

An authentication method uses smart cards as well as usernames and passwords for authentication. Which of the following authentication methods is being referred to?

Options

  • AAnonymous
  • BMulti-factor
  • CBiometrics
  • DMutual

How the community answered

(29 responses)
  • A
    7% (2)
  • B
    90% (26)
  • C
    3% (1)

Why each option

Using both a smart card (something you have) and a username/password (something you know) constitutes multi-factor authentication because it combines two distinct authentication factors.

AAnonymous

Anonymous authentication involves no identity verification at all, which is the opposite of the described scenario requiring both a card and credentials.

BMulti-factorCorrect

Multi-factor authentication (MFA) requires a user to present two or more verification factors from different categories: something you know (password), something you have (smart card), or something you are (biometric). Combining a smart card with a username and password satisfies two separate factor categories, meeting the definition of MFA. This layered approach significantly reduces the risk of unauthorized access compared to single-factor methods.

CBiometrics

Biometric authentication uses physical or behavioral characteristics such as fingerprints or retina scans, neither of which is present in this scenario.

DMutual

Mutual authentication means both the client and the server verify each other's identity, which describes a two-way trust relationship rather than the number of factors a single user presents.

Concept tested: Multi-factor authentication factors and classification

Source: https://pages.nist.gov/800-63-3/sp800-63b.html

Topics

#Multi-factor authentication#Authentication factors#Smart cards#Passwords

Community Discussion

No community discussion yet for this question.

Full CAP Practice