Question 20
Domain 3 — Privacy Architecture and Data Protection by DesignWhich authentication practice is being used when an organization requires a photo on a government-issued identi cation card to validate an in- person credit card purchase?
Correct answer: B
Explanation
Knowledge-based credential authentication uses information tied to a credential to verify identity. Requiring a photo on a government-issued identification card to validate an in-person credit card purchase matches this method because the merchant compares the cardholder to the credential’s photo before approving the transaction.
Why each option is right or wrong
A. Possession factor authentication
Possession factor means proving you have something, like a card or token, not matching identity details.
B. Knowledge-based credential authentication
The merchant is verifying the purchaser against a government-issued credential by comparing the person present to the photograph on the ID, which is a credential-based identity check rather than a separate biometric or possession-only control. In card-present transactions, this is the standard manual verification step tied to the presented identification document, and it relies on the identifying information embedded in the credential itself to confirm the cardholder’s identity.
C. Multi-factor authentication
Multi-factor requires two or more distinct factor types; this describes a single identity-checking method.
D. Biometric authentication
Biometric authentication uses measured physical traits directly, not a printed photo on an ID.