A company has client computers that run Windows 8.1.
The company implements the following security requirements:
All client computers must use two-factor authentication.
At least one authentication method must include more than four characters or gestures.
You need to choose authentication methods that comply with the security requirements.
Which two authentication methods should you choose? (Each correct answer presents part of the solution. Choose two.)
A. PIN
B. Biometric authentication
C. Picture Password
D. Microsoft Account
Correct Answer: BD
Explanation/Reference:
Explanation:
More than 4 characters are of course supported with the Microsoft Account. It is something the user knows. The picture password would be another thing the user knows (gestures).
So there’s only MS Account and Biometric authentication left. Two-factor authentication requires the use of two of the three authentication factors: Something the user knows (e.g., password, PIN);
Something the user has (physical Object) (e.g., ATM card, smart card); and Something the user is (e.g., biometric characteristic, such as a fingerprint). The factors are identified in the standards and regulations for access to U.S. Federal Government systems.
http://en.wikipedia.org/wiki/Multi-factor_authentication
Multi-factor authentication
Two-factor authentication requires the use of two of the three authentication factors. The factors are identified in the standards and regulations for access to U.S. Federal Government systems. These factors are:
Something only the user knows (e.g., password, PIN, pattern); Something only the user has (e.g., ATM card, smart card, mobile phone); and Something only the user is (e.g., biometric characteristic, such as a fingerprint).
1. Something the user knows: Microsoft Account
Minimum password length is more than 4 characters.
2. Something only the user is: Biometric authentication
http://john.bryntze.net/jbkb-v2/certification-exam-70-687-configuring-windows-8-part-4-configure-access-to- resources-14/
Biometric in Windows 8 is built on Windows Biometric Framework and relies on Windows Biometric service that is set to start up manual by default.
Further information:
Something the user knows: Picture password
Problem: limited to 3 gestures
Something the user knows:
http://john.bryntze.net/jbkb-v2/certification-exam-70-687-configuring-windows-8-part-4-configure-access-to- resources-14/
Sign in with PIN code (4-digit code) is not possible for a domain user, it is not even visible in PC Settings -> Users (if machine is not domain joined you see it). To enable it for even domain joined computer/users you can enable the policy Turn on PIN sign-in and it becomes visible.