CompTIA Security+ (SY0-601) — Question 305

A systems administrator is required to enforce MFA for corporate email account access, relying on the possession factor. Which of the following authentication methods should the systems administrator choose? (Choose two.)

Answer options

• A. Passphrase
• B. Time-based one-time password
• C. Facial recognition
• D. Retina scan
• E. Hardware token
• F. Fingerprints

Correct answer: B, E

Explanation

The correct answers are B and E because a Time-based one-time password (TOTP) and a hardware token are both possession factors that provide an additional layer of security. The other options, such as passphrase, facial recognition, retina scan, and fingerprints, are not possession factors; they fall under knowledge or inherent factors.