CompTIA Security+ (SY0-701) — Question 457

A company wants to add an MFA solution for all employees who access the corporate network remotely. Log-in requirements include something you know, are, and have. The company wants a solution that does not require purchasing third-party applications or specialized hardware. Which of the following MFA solutions would best meet the company's requirements?

Answer options

• A. Smart card with PIN and password
• B. Security questions and a one-time passcode sent via email
• C. Voice and fingerprint verification with an SMS one-time passcode
• D. Mobile application-generated, one-time passcode with facial recognition

Correct answer: D

Explanation

The correct answer is D because it combines a mobile application-generated one-time passcode with facial recognition, fulfilling all three MFA factors without requiring third-party software or hardware. Option A depends on a physical smart card, which is considered specialized hardware. Option B relies solely on knowledge and possession, missing a biometric factor, while Option C, although it includes biometric verification, still requires SMS services, which may not align with the company's requirements for avoiding third-party solutions.