A security engineer is hardening remote-access VPN authentication. The new design will require employees to enter their existing username and password and then supply a six-digit code generated by a time-based one-time-password (TOTP) app on their smartphones.
Which of the following BEST explains why this change meets the definition of multifactor authentication (MFA)?
It requires two different authentication factors: something you know and something you have.
It requires the same factor (knowledge) to be entered twice, increasing complexity.
It uses federated identity tokens to provide single sign-on across applications.
It enforces password-complexity rules to minimize brute-force attacks.
Multifactor authentication requires at least two different types of authentication factors. Adding a TOTP generated on a user-owned device (possession factor) to an existing password (knowledge factor) combines "something you know" with "something you have." This satisfies the MFA requirement and significantly reduces the likelihood that a single compromised credential will allow unauthorized access. The other options either repeat the same factor, describe single sign-on, or merely enforce stronger passwords, none of which constitute MFA.