Certified Administrative Professional (CAP) Practice Exam

The correct answer is that multi-factor authentication is a requirement at E-authentication level three as specified in NIST Special Publication 800-63. This level is designed for scenarios where the risk of adverse impact from unauthorized access is considered moderate to high.

At this level, the use of multi-factor authentication significantly enhances the security of the authentication process. It requires the user to present two or more independent credentials for authentication, which can include something they know (like a password), something they have (like a smart card or mobile device), or something they are (like biometrics). This layered approach to security minimizes the risk of unauthorized access because even if one factor is compromised, the others still provide barriers against intrusion.

Lower levels, such as one or two, do not require multi-factor authentication, allowing for single-factor methods that may not sufficiently protect sensitive data or systems in contexts with higher risk. Level four is also not applicable in this context as it is typically reserved for the highest security needs, which may include strong additional measures beyond what is defined for level three. Thus, understanding the specific requirements outlined in NIST SP 800-63 helps clarify the critical security measures necessitated by different levels of E-authentication.