A project team is developing requirements of the new version of a web application used by internal
and external users. The application already features username and password requirements for
login, but the organization is required to implement multifactor authentication to meet regulatory
requirements. Which of the following would be added requirements will satisfy the regulatory
requirement? (Select THREE.)
A.
Digital certificate
B.
Personalized URL
C.
Identity verification questions
D.
Keystroke dynamics
E.
Tokenized mobile device
F.
Time-of-day restrictions
G.
Increased password complexity
H.
Rule-based access control
A,D,E satisfy these requirements. Identity Verification Questions are considered Something You Know – same as the username / password.
Keystroke dynamics is something you do. I pick A, D, E
A, D, E
I agree with A, D, E. However, establishing ID is not a factor of authentication. In reality, you need who you are (keystroke dynamics is consider biometrics) and what you have (token). What you know is name and password. Also making this question a mess is the idea that multifactor is three or more factors. Two factor is also multifactor meaning that you could substitute verification questions (what you know) for either of the biometric or token answer. This is a poor question but the best answer is still ADE.