The correct answer is A.
OBJ-2.1: This approach is an example of dual control authentication. Dual control authentication is used when performing a sensitive action. It requires the participation of two different users to log in (in this case, one with the password and one with the token). Transitive trust is a technique via which a user/entity has already undergone authentication by one communication network to access resources in another communication network without having to undergo authentication a second time. Least privilege is the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources required to perform routine, legitimate activities. Security through obscurity is the reliance on security engineering in the design or implementation of secrecy as the main method of providing security to a system or component.