🛡️ Free practice test question from: Security+ (Security+)

Two-factor authentication (2FA) requires two different factors of authentication. These factors typically fall into these categories:

Something you know: (e.g., password, PIN, security question answer)  

Something you have: (e.g., phone, security token, smart card)  

Something you are: (e.g., fingerprint, facial recognition, iris scan)

*****

A) Both a password and a security question are "something you know." This is not two different factors.  

B) Both a fingerprint and facial recognition are "something you are." This is not two different factors.  

C) A password is "something you know," and a one-time code sent to your phone is "something you have." These are two different factors, making this an example of 2FA.

D) Both a username and password are "something you know." This is only one factor.