Free ISC2 CC Certified in Cybersecurity Actual Exam Questions - Question 1 Discussion

Question No. 1
When implementing authentication, which of the following is considered a best practice?
Fahad L.
2026-02-17

D imo, it covers using multiple factors without overcomplicating with three methods like B. It’s practical and aligns well with common multi-factor setups combining something you know and something you are.

0
Imran P.
2026-02-14

B/D? B adds biometrics as a third factor, which is stronger than just two methods in D. But D still fits best if we consider “two or more” as enough for multi-factor. C and A are too weak.

0
Sarah R.
2026-02-09

It’s D because best practice involves multiple methods, ideally from different categories, to improve security. Using just username and password (A) isn’t strong enough these days.

0
Ryan I.
2026-02-08

A imo, because it emphasizes at least two methods like username and password. While biometrics add extra security, they might not always be practical or available. Sticking to two solid factors is a good balance between security and usability. C and B are too weak or overly complex, and D feels like overkill for many cases.

0
Ryan I.
2026-02-07

B imo, because adding biometrics on top of username and password really strengthens security beyond just two methods. More factors generally mean better protection.

0
James F.
2026-02-05

Guessing A here since it mentions two methods but keeps it simple without overcomplicating with biometrics or pins, which might not always be feasible. Two methods are a solid baseline.

0
Ahmed Q.
2026-01-27

Maybe D is the safest bet here because it emphasizes using two or more methods, which aligns with the idea of multi-factor authentication. A and C are weaker since just one or two methods might not be enough if they’re from the same factor type. B sounds like overkill and might not always be practical. D’s wording about combining different methods covers best practice without specifying exact factors, so it feels more flexible and realistic for strong security.

0
Peter R.
2026-01-27

Two methods are solid and practical, so option A.

0
Jason I.
2026-01-26

Option D covers best practice by requiring multiple factors without overcomplicating it.

0
Sarah N.
2026-01-23

B imo, because using three different methods adds an extra layer beyond just two, making it tougher for attackers to get in compared to just two methods in A or D.

0
Ahmed K.
2026-01-21

A I feel A is a solid choice because it explicitly states using two authentication methods, which fits the common definition of multi-factor authentication better than just focusing on three methods. It covers the essential security improvement without overcomplicating things, unlike option B which might be overkill or less practical in some cases. Also, C is obviously too weak, and while D mentions two or more methods, it doesn’t clarify if they’re from different categories, which is key for true multi-factor security. So A seems like the safest best practice here.

0
Ash U.
2026-01-21

Multi-factor means at least two different categories, so D fits that better than B. D

0
Ash U.
2026-01-19

D imo, because it explicitly mentions using two or more methods, which is the core idea behind better security. B’s triple method approach is good but not always necessary or practical.

0
Farhan J.
2026-01-18

D. Using two or more methods like password, biometrics, and a pin code covers multiple factors (something you know, something you have, something you are), which aligns with the principle of multi-factor authentication. It’s generally stronger than just two methods or limiting to only one. B might be overkill with three factors but is close, while A and C don’t meet the best practice standard for robust authentication. So D seems to fit best by ensuring at least two distinct factors are used for better security.

0
Daniel V.
2026-01-15

B/D? The options seem a bit overlapping. Is the question aiming for multi-factor authentication in general, or is it specifically about how many methods are ideal? Also, does “best practice” here mean strongest security or just a good balance with usability? Because B says three methods including biometrics, while D says two or more with a few examples. Clarification on the scope would help pick between those.

0