Access control methods are classified into three main authentication factors:
Something You Know – Passwords, PINs, security questions.
Something You Have – Physical devices like keycards, smart cards, or security tokens.
Something You Are – Biometrics such as fingerprints, retina scans, or voice recognition.
Why a Card-Key Scanner is the Correct Answer:
A card-key scanner verifies access using a physical card, which aligns with the "something you have" authentication factor.
Users must possess the key card to gain entry, making it a classic example of physical token-based security.
Why Other Options Are Incorrect:
A. A retina characteristics reader – Incorrect, as retina scans fall under "something you are" (biometrics), not "something you have".
B. A PIN code reader – Incorrect, as PIN codes are "something you know", not a physical possession.
D. A fingerprint scanner – Incorrect, as fingerprints are biometric ("something you are"), not a physical object.
IIA’s Perspective on Physical Security Controls:
IIA Standard 2110 – Governance emphasizes the importance of using multi-factor authentication to enhance security.
IIA GTAG (Global Technology Audit Guide) on Access Control recommends the use of physical security devices like card-key scanners to prevent unauthorized access.
ISO 27001 Information Security Standard identifies "something you have" authentication methods as critical components of access control.
IIA References:
IIA Standard 2110 – Governance & IT Security
IIA GTAG – Physical Security & Access Controls
ISO 27001 Information Security Standard – Multi-Factor Authentication
Thus, the correct and verified answer is C. A card-key scanner.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit