A security engineer is hardening remote-access VPN authentication. The new design will require employees to enter their existing username and password and then supply a six-digit code generated by a time-based one-time-password (TOTP) app on their smartphones.
Which of the following BEST explains why this change meets the definition of multifactor authentication (MFA)?
It requires the same factor (knowledge) to be entered twice, increasing complexity.
It enforces password-complexity rules to minimize brute-force attacks.
It uses federated identity tokens to provide single sign-on across applications.
It requires two different authentication factors: something you know and something you have.
Multifactor authentication requires at least two different types of authentication factors. Adding a TOTP generated on a user-owned device (possession factor) to an existing password (knowledge factor) combines "something you know" with "something you have." This satisfies the MFA requirement and significantly reduces the likelihood that a single compromised credential will allow unauthorized access. The other options either repeat the same factor, describe single sign-on, or merely enforce stronger passwords, none of which constitutes MFA.