What is multi-factor authentication (MFA)?

  1. Biometric scanning only
  2. Changing passwords frequently
  3. Using two or more authentication methods to verify user identity ✓
  4. Using strong passwords

Correct answer: Using two or more authentication methods to verify user identity

Option C is correct because multi-factor authentication requires a user to present two or more distinct verification factors from different categories, such as something you know (password), something you have (hardware token or mobile authenticator), or something you are (biometric), substantially reducing the risk of unauthorized access even if one factor is compromised. Option A is incorrect because biometric scanning alone is only a single authentication factor and does not constitute MFA, which requires at least two independent methods. Option B is incorrect because frequently changing passwords is a password hygiene practice that involves only a single knowledge factor and provides no MFA protection. Option D is incorrect because using a strong password is a good security practice but still represents only one factor (something you know), whereas MFA mandates combining multiple distinct factor types.

Topic: General Security Concepts · mfa, authentication, identity verification, security controls

Practice CompTIA Security+ (SY0-701) Questions Free