Security Architecture and EngineeringEasy

CISSP Practice Question: Which of the following is an example of two-factor authentication?

Published July 17, 2026 · Free daily CISSP practice question
Which of the following is an example of two-factor authentication?
  1. A.A. Username and Password
  2. B.B. Smart Card and PIN
  3. C.C. Biometric Scan
  4. D.D. Security Questions
Correct answer: B. B. Smart Card and PIN

Correct Answer: B. B. Smart Card and PIN

Explanation (CISSP Manager Logic):

Multi-factor authentication (MFA) requires combining two or more distinct categories: something you know, have, or are. This option pairs a physical token (possession) with a PIN (knowledge), significantly reducing the risk of unauthorized access compared to single-factor methods.

By implementing this solution, you:

  • Mitigate risks associated with credential theft and phishing.
  • Strengthen identity assurance for sensitive business systems.
  • Align technical controls with regulatory compliance requirements.

While the other options are relevant, they fall short because:

  • A: Both elements belong to the "something you know" category, constituting single-factor authentication.
  • C: A standalone biometric scan represents only one factor (something you are).
  • D: Security questions are a knowledge-based factor and do not provide a second distinct category.

Think like a manager:

Prioritize defense-in-depth by ensuring that the compromise of a single credential type does not lead to a total system breach. Always validate that MFA solutions utilize distinct, independent categories to ensure true technical efficacy.

Ready to find out if you'd pass?

5,000+ expert-calibrated questions, adaptive CAT mock exams, and gap analysis that shows exactly what to study next.

Try 5 free questions Start 7-day free trial
← Previous question All questions