A server administrator is hardening remote administrative access for a fleet of virtual servers. The new security policy requires implementing multifactor authentication (MFA) by combining methods from at least two different authentication factor categories. Which of the following combinations meets this requirement?
A password and a personal identification number (PIN).
A fingerprint scan and a facial recognition scan.
A smart card and a hardware token.
A password and a one-time code generated by a hardware token.
The correct answer implements two different authentication factors: 'something you know' (a password) and 'something you have' (a hardware token). Multifactor authentication requires using at least two factors from the three distinct categories: 'something you know' (e.g., password, PIN), 'something you have' (e.g., token, smart card), and 'something you are' (e.g., fingerprint, facial scan). Using a password and a PIN is using two methods from the same 'something you know' category. Using a fingerprint scan and a facial scan uses two methods from the 'something you are' category. Using a smart card and a hardware token uses two methods from the 'something you have' category. Only the correct option combines factors from two different categories as required for true MFA.