Which of the following is NOT a category of access control?

Access control is fundamentally categorized into three main types, which are based on different methods of verifying a user’s identity or granting permissions. These categories help ensure that only authorized individuals can access or interact with systems and data.

The first category is "What you have," which typically includes physical tokens, access cards, or devices that a user must possess to gain access. The second category, "What you know," refers to knowledge-based authentication methods, such as passwords or personal identification numbers (PINs). The third category, "Who you are," focuses on biometric authentication, which involves verifying an individual's identity based on unique physical characteristics, such as fingerprints or facial recognition.

The choice that does not align with the established categories of access control is "Who you know." This phrase does not represent a method of authentication or access control; rather, it suggests a social network or relationship-based aspect that is irrelevant to the formal mechanisms of access control. Thus, it is the option that falls outside the recognized framework for categorizing access control methods.