An organization’s security policy states that users must authenticate using something you do. Which of
the following would meet the objectives of the security policy?

A.
Fingerprint analysis

B.
Signature analysis

C.
Swipe a badge

D.
Password

Explanation:
Authentication systems or methods are based on one or more of these five factors:
Something you know, such as a password or PIN
Something you have, such as a smart card, token, or identification device
Something you are, such as your fingerprints or retinal pattern (often called biometrics)
Something you do, such as an action you must take to complete authentication
Somewhere you are (this is based on geolocation)
Writing your signature on a document is ‘something you do’. Someone can then analyze the signature to
see if it matches one stored on record.
Incorrect Answers:
A: Authenticating using a fingerprint is classed as ‘something you are’, not ‘something you do’. A
fingerprint is part of you. Therefore, this answer is incorrect.
C: Swiping a badge is classed as ‘something you have, not ‘something you do’. You ‘have’ the badge.
Therefore, this answer is incorrect.
D: Authenticating using a password is classed as ‘something you know, not ‘something you do’. You
‘know’ the password. Therefore, this answer is incorrect.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 131