Which of the following, in addition to a password, can be asked of a user...

Multi-factor authentication (MFA) requires two or more different categories of authentication factors:

Something you know (password, PIN)

Something you have (smart card, hardware token)

Something you are (biometric)

The only valid second factor here is a hard token (e.g., a key fob generating one-time codes).

A. PIN is still “something you know,” the same category as a password.

B. Favorite color is a weak knowledge-based factor, not a true second factor.

D. Mother’s maiden name is also “something you know” and insecure.

References (CompTIA Network+ N10-009):

Domain: Network Security — Authentication methods, MFA factor categories.