CompTIA Security+ (SY0-501) — Question 646

An organization has implemented a two-step verification process to protect user access to data that is stored in the cloud. Each employee now uses an email address or mobile number to receive a code to access the data. Which of the following authentication methods did the organization implement?

Answer options

• A. Token key
• B. Static code
• C. Push notification
• D. HOTP

Correct answer: D

Explanation

The correct answer is D, HOTP (HMAC-based One-Time Password), as it allows users to receive a code via email or SMS for accessing data. A Token key typically refers to a physical device, Static code does not change and is less secure, and Push notification involves alerts sent to an app, which is not the method described.