A Chief Information Security Officer (CISO) wants to implement two-factor authentication within the company. Which of the following would fulfill the CISO’s
requirements?

A.
Username and password

B.
Retina scan and fingerprint scan

C.
USB token and PIN

D.
Proximity badge and token

Explanation:
Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting authentication factors from at least two
of the three categories:
knowledge factors (“things only the user knows”), such as passwords possession factors (“things only the user has”), such as ATM cards inherence factors (“things
only the user is”), such as biometrics
In this question, a USB token is a possession factor (something the user has) and a PIN is a knowledge factor (something the user knows).
Incorrect Answers:
A: A username and password are both knowledge factors (something the user knows). Therefore, this answer only provides single-factor authentication.
B: A retina scan and fingerprint scan are both inherence factors (something only that user has). Therefore, this answer only provides single-factor authentication.
D: A proximity badge and token are both possession factors (something the user has). Therefore, this answer only provides single-factor authentication.

http://en.wikipedia.org/wiki/Multi-factor_authentication