Question 5 - CompTIA A+ 220-1101 Real Exam Questions [Jan 2026 Update]

Q: 5

An engineer is setting up two-factor authentication so users can access a company's human resources system. Which of the following should the engineer require users to do?

Options

Correct Answer:

Explanation

Two-factor authentication (2FA) is a security process that requires users to provide two different authentication factors to verify their identity. These factors are categorized as something you know (e.g., password), something you have (e.g., a mobile device), and something you are (e.g., a fingerprint). A mobile authenticator application generates a one-time password or a push notification on a user's device, which serves as the "something you have" factor. This is a direct and common method for implementing 2FA to enhance the security of systems like a human resources portal.

Why Incorrect

B. Connect to the company's Wi-FI: This is a network-based access control policy, defining a condition for access rather than serving as a second authentication factor.

C. Connect through the VPN: A Virtual Private Network (VPN) provides a secure communication channel; it is an access method, not an authentication factor for an application.

D. Use a bastion server: A bastion server is a hardened network gateway for administrative access; it is a security architecture component, not a user authentication factor.

References

1. National Institute of Standards and Technology (NIST). (2017). Special Publication 800-63B

Digital Identity Guidelines: Authentication and Lifecycle Management.

Section 5.1.5

"One-Time Passwords (OTPs)": This section details the use of OTPs generated by authenticators

including software-based authenticators on mobile devices

as a "something you have" factor. This directly supports the use of a mobile authenticator application for 2FA.

2. Perrig

& Far-Rive

J. (2021). 15-349/18-338/18-732 Introduction to Computer Security

Lecture 15: Authentication. Carnegie Mellon University

School of Computer Science.

The course lecture notes define Multi-Factor Authentication (MFA) and provide examples of the three factors. Under "Something You Have

" it explicitly lists "Authenticator App on a phone

" validating option A as a correct implementation of a second factor.

3. Boneh

& Mazières

D. (2023). CS 155: Computer and Network Security

Lecture 13: Web Security - User Authentication. Stanford University.

The lecture materials discuss two-factor authentication

describing the use of a second device like a phone that runs an app (e.g.

Google Authenticator) to generate a time-based one-time password (TOTP) as a common second factor. This aligns with the correct answer.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE