cissp question 1487 discussion

View all Certified Information Systems Security Professional Exam here

back to isc forum

Question 1487

An information security professional is reviewing user access controls on a customer-facing
application. The application must have multi-factor authentication (MFA) in place. The application
currently requires a username and password to login. Which of the following options would BEST
implement MFA?

A. Geolocate the user and compare to previous logins
B. Require a pre-selected number as part of the login
C. Have the user answer a secret question that is known to them
D. Enter an automatically generated number from a hardware token

Answer:

Explanation:

User Votes:

50%

D 5 votes

50%

Discussions

0 / 1000

davidcapa

3 months, 3 weeks ago

I think is more accurate something you have

BobNopaddy

3 days, 6 hours ago

The application already requires a username and password (something you know).
A hardware token (e.g., YubiKey, RSA SecurID) provides a dynamically generated number (something you have), fulfilling the second factor requirement for MFA.

cissp question 1487 discussion

View all Certified Information Systems Security Professional Exam here

View entire exam

Question 1487

Answer:

User Votes: