Which of the following is not an example of a knowledge factor in an MFA environment?
A. your workstation’s location
B. a PIN
C. a password
D. your mother’s maiden name
Explanation:
Your workstation’s location is an example of a location-based factor, not a knowledge factor, in a multifactor authentication (MFA) environment. Three authentication factors are commonly used for gaining access to a secure environment: a knowledge factor (something you know), a physical factor (something you have), and an inherence factor (something you are). A fourth possible factor, which could be argued to be a subset of the inherence factor, is a location-based or time-based factor (someplace you are). For example, if you wanted to provide access to a website only to people who are connected to a specific branch of your company’s network, you could authenticate those users by only allowing access to the site if the user is sending requests from workstations within a specific range of IP addresses.
A password, a personal identification number (PIN), and your mother’s maiden name are all examples of knowledge factors. For example, a bank’s website might choose to ask you for both a password and the answer to a question about your mother’s maiden name. Although the bank’s website prompts you for two forms of verification, both of those prompts are for information that you store in your memory. Authentication by something you know is also known as Type 1 authentication. Authentication by something you know is considered the weakest form of authentication because such authentication can often be easily guessed or stolen.
Possession factors verify your identity by using a device that you carry with you, such as a fob, a driver’s license, or a smartcard. For example, your company might require that you carry a fob with you to gain access to the office by using an exterior door. You would typically hold the fob in front of a sensor and allow the sensor to read the information that is stored on the fob; if the information matches that of an authorized user, you would be allowed entry. Authentication by something you have is also known as Type 2 authentication. Authentication by something you have is considered a stronger form of authentication than authentication by something you know because it requires the user to carry some sort of authenticating electronic access control (EAC) token.
Inherence factors verify your identity by using something that is unique about you and that cannot be easily changed, such as your iris, your retina, or your fingerprints. For example, your company could connect your workstation to a fingerprint scanner instead of requiring you to unlock your workstation with keystrokes and a password. Authentication by something you are is also known as Type 3 authentication. Authentication by something you are is considered the strongest form of authentication because of the uniqueness of individuals.
Reference: https://www.cisco.com/c/en/us/products/security/what-is-multi-factor-authentication.html#~methods CCNP and CUE Security Core SCOR 350-701 Official Cert Guide, Chapter 4: Authentication, Authorization, and Accounting (AAA) and Identity Management: Authentication