Exam SY0-501 topic 1 question 624 discussion

TOTP - Something you have User name and password - Something you know

Its A.

Discuss more, we need more comments about this simple question

CAPTCHA is something you do.

Correction. Answer is A

A and c

`A Time-based One-Time Password (TOTP) is similar to HOTP, but it uses a timestamp instead of a counter. One-time passwords created with TOTP typically expire after 30 seconds.` so isnt it clear that the answer is A ? The best and practical way to authenticate so many people by eliminating most of the security issues

multifactor authentication for access, means have two authentication validations for accessing site. When you entering username/password that is one part of authentication. when you matching blocks of pictures or writing words that makes a seconds part of you being authenticated. CAPCHA does test you make sure you are not a Bot and NOT trying to brake in to a authenticated site. I hope it make sense folks. Still learning Security and trying to find best explanations.

Both HMAC-Based One-time Password Algorithms (HOTP) and Time-Based One-time Password Algorithms (TOTP) generate these tokens.

Keywords is "Multifactor Authentication" - TOTP is something you have. CAPTCHA is a verification method and not an authentication method. Answer is A

CompTIA Security+ Study Guide: Exam SY0-501: Something you know, such as a password or PIN. This is often referred to as Type I. Something you have, such as a smartcard, token, or identification device. This is often referred to as Type II. Something you are, such as your fingerprints or retinal pattern (often called biometrics). This is often referred to as Type III. Something you do, such as an action you must take to complete authentication. This does not have a type (I, II, III). Somewhere you are (this is based on geolocation). This does not have a type (I, II, III). https://en.wikipedia.org/wiki/Multi-factor_authentication A good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out. Two other examples are to supplement a user-controlled password with a one-time password (OTP) or code generated or received by an authenticator (e.g. a security token or smartphone) that only the user possesses If it was the pattern of the iris or something like that, there is no doubt that B. But in this case, I would answer A.

Its TOTP as TOTP is soft token. Its used for two factor authentication.

Answer is B. OTP is not something you have according to Comptia official study guide. They say it is something you know.

Answer is A. Not sure why people are trying to convince themselves that it's D.

keywords are "hosts information" and "Best Practice for organization" gives D

Registered users enter username/password + CAPTCHA just to gain access to the logon page for the non-public site. ThEN multifactored authentication is used. Right? So answer D may make sense in that context. Unless I'm dumb, high or both.

Wouldn't CAPTCHA be something you DO because you have to do it correctly? like type the captcha or identify fire hydrants or spin the tiger statue till it's upright? I also agree that TOTP would be something you have that is valid for a moment but on the contrary, once you get the TOTP "YOU KNOW THE 6 digit CODE or whatever" right? My exams in 2 days I could go with either.