CompTIA

CAS-003 · Question #712

CAS-003 Question #712: Real Exam Question with Answer & Explanation

The correct answer is D: Multifactor authentication.

Question

A SaaS provider decides to offer data storage as a service. For simplicity, the company wants to make the service available over industry standard APIs, routable over the public Internet. Which of the following controls offers the MOST protection to the company and its customers' information?

Options

  • A. Detailed application logging
  • B. Use of non-standard ports
  • C. Web application firewall
  • D. Multifactor authentication

Explanation

For a publicly accessible SaaS storage service exposed over standard APIs on the internet, multifactor authentication (MFA) provides the strongest protection by ensuring that even compromised credentials alone cannot grant access to customer data. Since the attack surface is the entire public internet, the primary risk is unauthorized access to accounts. Application logging (A) aids in detection but does not prevent access. Non-standard ports (B) provide only trivial security through obscurity. A WAF (C) protects against web application attacks but does not directly protect against credential-based unauthorized access to storage. MFA directly addresses the highest-impact risk for a data storage service.
