nerdexam
ExamsMS-900Questions#182
MicrosoftMicrosoft

MS-900 · Question #182

MS-900 Question #182: Real Exam Question with Answer & Explanation

Multi-factor authentication (MFA) requires the use of two or more different categories of authentication factors (something you know, have, or are) to verify identity.

Submitted by eva_at· Mar 5, 2026Describe security, compliance, privacy, and trust in Microsoft 365

Question

Hotspot Question You are the IT administrator for your company. You want to convince your manager to purchase a Microsoft 365 subscription. Your manager is concerned about security. You need to give an example of multi-factor authentication (MFA) to your manager. For each of the following statements, select Yes if the statement accurately describes MFA. Otherwise, select No. Answer:

Options

  • __typehotspot
  • variantyes_no

Explanation

Multi-factor authentication (MFA) requires the use of two or more different categories of authentication factors (something you know, have, or are) to verify identity.

Approach. 1. 'An employee receives a text message on their personal cell phone when they log in to SharePoint Online' -> Select Yes. Logging in implies using a primary credential (like a password, which is 'something you know'). Receiving a text message adds a secondary credential ('something you have' - the phone). This combination is MFA.

  1. 'An employee enters an email address and password to log in to Exchange Online' -> Select No. A password is only one factor ('something you know'). This is single-factor authentication.

  2. 'An employee uses facial recognition to unlock their phone to access the mobile Word app' -> Select No. Facial recognition is a single biometric factor ('something you are'). While it is used on a device you possess, the act of unlocking the phone with your face relies on only one authentication factor at that moment, replacing a PIN. It does not combine multiple independent factors for that specific authentication event.

Common mistakes.

  • common_mistake. A common mistake is assuming that modern or advanced security methods, such as biometrics (facial recognition), inherently constitute MFA. However, MFA strictly requires the combination of at least two distinct factor types. Using only facial recognition, without also requiring a password or another physical token, is still single-factor authentication.

Concept tested. Multi-Factor Authentication (MFA) principles and identifying authentication factor types (knowledge, possession, inherence).

Reference. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mfa-howitworks

Topics

#Multi-factor authentication#security features#identity protection

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full MS-900 PracticeBrowse All MS-900 Questions