CompTIA Security+ (SY0-601) — Question 381

Recent changes to a company's BYOD policy require all personal mobile devices to use a two-factor authentication method that is not something you know or have. Which of the following will meet this requirement?

Answer options

• A. Facial recognition
• B. Six-digit PIN
• C. PKI certificate
• D. Smart card

Correct answer: A

Explanation

Facial recognition is a biometric factor that does not depend on knowledge or possession, making it suitable for the requirement. In contrast, a Six-digit PIN and a Smart card are forms of authentication based on something you know or have, respectively. A PKI certificate is also based on possession, thus it does not meet the specified criteria.