ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security engineer is updating the company's SSL VPN configuration. Users already authenticate with their Active Directory username and password. New policy mandates implementing multi-factor authentication but specifically prohibits any solution that relies on the public switched telephone network (PSTN). The company also wants to avoid distributing dedicated hardware tokens. Which implementation meets all requirements while providing true MFA?
Prompt users for a self-selected personal identification number (PIN) after they enter their password.
Require users to enter a time-based one-time password generated by an authenticator mobile app.
Allow access only when the user connects from an approved IP address range.
Send a one-time passcode to each user via SMS text message during VPN login.
Multi-factor authentication requires at least two factors drawn from different categories: knowledge, possession, or inherence. A time-based one-time password (TOTP) generated by an authenticator application on a user-controlled smartphone satisfies the possession factor and does not depend on the PSTN, so it meets the policy constraints and adds a second, independent factor to the existing password.
SMS one-time passcodes rely on the PSTN, violating the stated restriction. IP address validation and MAC address checks are environmental attributes, not authentication factors, and therefore do not constitute MFA. A user-selected PIN is another knowledge factor, so combining it with a password still represents single-factor authentication.
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls