Your company has implemented a new authentication system for the server room. To be given access to the room, a user must provide his user name and password. Once those factors are authenticated, the user must then provide his smart card. Which type of authentication is being used?

A. one-factor authentication
B. two-factor authentication
C. three-factor authentication
D. four-factor authentication

B
Explanation: Two-factor authentication is being used. Even though the user is providing a total of three factors, both the user name and password are knowledge factors. The smart card is an ownership factor. Therefore, you are providing two types of authentication factors.
The three categories of authentication factors are: knowledge factors, ownership factors, and characteristic factors. Even if you implement multiple factors that belong in the same category, you are still only implementing one-factor authentication.
One-factor authentication would be implemented when only one type of the three authentication factors is used. Three-factor authentication requires that three different types must be implemented. An example of three-factor authentication would be implementing a solution that includes a user name, smart card, and retina scan.
Four-factor authentication is NOT a valid authentication type.