CAS-005 Question #204: Real Exam Question with Answer & Explanation

The correct answer is B: Enable context-based authentication when network locations are changed on administrator.

Submitted by tunde_lagos · Mar 6, 2026 · Security Architecture

Question

A security architect is mitigating a vulnerability that previously led to a web application data breach. An analysis into the root cause of the issue finds the following:

- An administrator's account was hijacked and used on several Autonomous System Numbers within 30 minutes.
- All administrators use named accounts that require multifactor authentication.
- Single sign-on is used for all company applications.

Which of the following should the security architect do to mitigate the issue?

Options

  • A. Configure token theft detections on the single sign-on system with automatic account lockouts.
  • B. Enable context-based authentication when network locations are changed on administrator
  • C. Decentralize administrator accounts and force unique passwords for each application.
  • D. Enforce biometric authentication requirements for the administrator's named accounts.

Explanation

Because the attacker leveraged a hijacked SSO session from multiple ASNs in a short span, the core weakness wasn’t the lack of MFA or unique passwords but the absence of adaptive controls around session/context. By enforcing context-based (a.k.a. conditional or risk-based) authentication, so that any administrator login originating from an unfamiliar ASN, geography, or network triggers an additional verification step or is blocked entirely, you’ll catch and stop token replay or theft attacks that bypass standard MFA once a session is already valid. This step-up approach directly addresses anomalous location changes, thwarting the exact attack pattern
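
The context-based policy described in the explanation, as an added example that is not part of the original page or the exam material: a request on an existing administrator session from an unverified ASN requires step-up, and too many distinct ASNs inside a sliding window revokes the session. The 30-minute window is taken from the scenario; the threshold, the class and function names, and the event data are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed: the 30-minute span from the scenario
MAX_ASNS_IN_WINDOW = 2          # assumed threshold: a third distinct ASN blocks

@dataclass
class AdminSession:
    """State a hypothetical SSO policy hook keeps for one administrator session."""
    verified_asns: set = field(default_factory=set)  # ASNs where MFA succeeded
    recent: list = field(default_factory=list)       # (timestamp, asn) observations
    revoked: bool = False

def evaluate(session, asn, when):
    """Return 'allow', 'step_up' or 'block' for one request on the session."""
    if session.revoked:
        return "block"
    # Slide the window, then record this observation.
    session.recent = [(t, a) for t, a in session.recent if when - t <= WINDOW]
    session.recent.append((when, asn))
    if len({a for _, a in session.recent}) > MAX_ASNS_IN_WINDOW:
        session.revoked = True  # several ASNs in a short span: kill the token
        return "block"
    if asn not in session.verified_asns:
        return "step_up"        # unfamiliar network: re-verify before serving
    return "allow"

def replay(login_asn, events):
    """Replay constructed (minute, asn, passes_step_up) events after a login."""
    start = datetime(2026, 1, 1, 9, 0)
    session = AdminSession({login_asn}, [(start, login_asn)])
    decisions = []
    for minute, asn, passes_step_up in events:
        decision = evaluate(session, asn, start + timedelta(minutes=minute))
        if decision == "step_up" and passes_step_up:
            session.verified_asns.add(asn)  # user completed re-authentication
        decisions.append(decision)
    return decisions

# Constructed data; ASNs are from the documentation range (RFC 5398).
STOLEN_TOKEN = [(5, 64496, False), (10, 64497, False),
                (12, 64498, False), (20, 64496, False)]
ADMIN_MOVES = [(45, 64497, True), (50, 64497, False)]

if __name__ == "__main__":
    print(replay(64496, STOLEN_TOKEN))
    print(replay(64496, ADMIN_MOVES))
```

The first replay models the replayed token hopping networks: the step-up is never satisfied and the third ASN revokes the session, so even the original network is refused afterwards. The second models an administrator who changes network after the window has passed and completes re-authentication.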
