220-1002 Question #819: Real Exam Question with Answer & Explanation
The correct answer is A: Enable multifactor authentication for each support account.
Question
Options
- A. Enable multifactor authentication for each support account.
- B. Limit remote access to destinations inside the corporate network.
- C. Block all support accounts from logging in from foreign countries.
- D. Configure a replacement remote-access tool for support cases.
- E. Purchase a password manager for remote tool users.
- F. Enforce account lockouts after five bad password attempts.
Explanation
Two controls work best together here.
- A) Enabling MFA means that even if an attacker successfully brute-forces a password, they still cannot log in without the second factor (e.g., a phone app or hardware token), directly neutralizing the brute-force threat.
- C) Blocking logins from foreign countries restricts the geographic attack surface: most mass brute-force campaigns originate from overseas IPs, so geo-blocking prevents those attempts from reaching the tool at all.
- B) Limiting to corporate network is too restrictive for a support tool that needs external access.
- D) Replacing the tool doesn't address the underlying vulnerability.
- E) A password manager improves password strength but does nothing against automated brute-force attacks.
- F) Account lockouts help but can be bypassed with slow-rate attacks and risk locking out legitimate support staff.

The combination of MFA (A) and geo-restriction (C) provides the strongest layered defense.