Certified Information Security Manager (CISM) Practice Exam

The three factors of authentication are knowledge, ownership, and biometric. This framework is foundational for enabling secure access to systems and data, ensuring that the person requesting access is indeed authorized.

Knowledge refers to something the user knows, such as a password or a PIN. Ownership involves something the user possesses, like a smart card or a token that generates a code for access. Biometric authentication relies on unique physical characteristics of the user, such as fingerprints, facial recognition, or iris scans. By combining these three distinct factors, organizations can enhance their security posture significantly, as each factor addresses different vulnerabilities in the authentication process.

In contrast, other options may mix elements or provide insufficient layers of security. While passwords and tokens are indeed part of the authentication spectrum, merely relying on them without considering the essential categories of knowledge, ownership, and biometric checks would leave gaps in the security framework.