Which multifactor authentication scheme uses ownership and biometric factors, but not knowledge factors?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

Which multifactor authentication scheme uses ownership and biometric factors, but not knowledge factors?

Explanation:
The concept being tested is using two factors that avoid a knowledge-based credential: something you have (ownership) and something you are (biometric), which yields passwordless access. Passwordless authentication fits this because it logs you in without a password by relying on a possession factor (like a device or security key you own) and a biometric confirmation (such as a fingerprint or facial scan). This approach often uses technologies like WebAuthn/FIDO2, where you prove possession of the hardware token and your biometrics rather than typing a password. Biometric authentication alone is only one factor, so it isn’t multi- or passwordless by itself. Smart cards are an ownership factor but typically still rely on an additional factor (often a PIN or biometric) to complete MFA, and the option here emphasizes not using knowledge factors. FAR is a metric, not an authentication scheme, so it doesn’t describe how you authenticate. Passwordless directly embodies ownership plus biometrics while excluding knowledge factors, making it the best fit.

The concept being tested is using two factors that avoid a knowledge-based credential: something you have (ownership) and something you are (biometric), which yields passwordless access. Passwordless authentication fits this because it logs you in without a password by relying on a possession factor (like a device or security key you own) and a biometric confirmation (such as a fingerprint or facial scan). This approach often uses technologies like WebAuthn/FIDO2, where you prove possession of the hardware token and your biometrics rather than typing a password.

Biometric authentication alone is only one factor, so it isn’t multi- or passwordless by itself. Smart cards are an ownership factor but typically still rely on an additional factor (often a PIN or biometric) to complete MFA, and the option here emphasizes not using knowledge factors. FAR is a metric, not an authentication scheme, so it doesn’t describe how you authenticate. Passwordless directly embodies ownership plus biometrics while excluding knowledge factors, making it the best fit.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy