Exam SY0-701 topic 1 question 475 discussion

D. Mobile application-generated, one-time passcode with facial recognition Explanation: To meet the requirements of "something you know, are, and have" while avoiding additional costs for third-party apps or hardware: Something you know: Password or PIN. Something you have: A mobile device generating a one-time passcode. Something you are: Facial recognition (biometric verification). Option D leverages mobile devices employees already own, removing the need for specialized hardware or third-party applications while meeting the MFA criteria. Why not the other options? A: Smart cards require specialized hardware. B: Security questions are weak (easily guessed) and do not qualify as “something you are.” C: Voice verification systems often require additional infrastructure and are less practical compared to mobile solutions.

D is incorrect - mobile application-generated passcode, which typically requires a third-party app like Google Authenticator or Microsoft Authenticator.. C is correct - No third-party app ✔️ ✅ No extra hardware ✔️ ✅ Covers "something you know, are, and have"

The question is written very poorly , i think its C because it says without the need for purchasing a third party application , SMS don't require an application , anyway GREAT QUSTION COMPTIA !

D. Mobile application-generated, one-time passcode with facial recognition Why? Something you know → The password Something you have → The mobile device with the authentication app generating a one-time passcode (OTP) Something you are → Facial recognition NOT: C. Voice verification is unreliable, and SMS OTPs are vulnerable to SIM-swapping attacks.

GPT: Both CompTIA and Cisco would recommend D. Mobile application-generated, one-time passcode with facial recognition as the best MFA solution. It meets the “know, are, and have” requirements while avoiding additional hardware or third-party application costs, making it secure, practical, and cost-effective.

I think the answer is C. In both C and D, the something you have would have to be considered the phone you’re receiving the code on. I think D is incorrect because the question specifically says “does not require purchasing third party applications or specialized hardware.” While I use rsa and Microsoft Authenticator at work, both of which are free, i think specifically within the context of this question, D would be incorrect because it indicates the use of a third party application.

the question states "without purchasing a third party application" so D is out of the question

B. The question specifies that the methods should include something you know and something you have. That means it can't be C or D which rely on something you are. Further, they don't want to buy extra hardware. That means option A is out because of smart cards. only B fits the description.

Mobile application-generated, one-time passcode with facial recognition

This option best meets the company's requirements for an MFA solution that does not require third-party applications or specialized hardware: Something you know: Password Something you are: Voice and fingerprint verification Something you have: SMS one-time passcode

D. Mobile application-generated, one-time passcode with facial recognition Explanation: The company's MFA requirements include something you know, something you have, and something you are

This is wrong nothing states something you!!!