CompTIA Security+ (SY0-601) — Question 723

A security analyst is tasked with defining the "something you are" factor of the company's MFA settings. Which of the following is BEST to use to complete the configuration?

Answer options

• A. Gait analysis
• B. Vein
• C. Soft token
• D. HMAC-based, one-time password

Correct answer: B

Explanation

The correct answer is B, as vein recognition is a biometric method that accurately identifies individuals based on their unique vein patterns. Options A (gait analysis) and C (soft token) do not fall under the 'something you are' category, while D (HMAC-based, one-time password) pertains to a 'something you have' factor.