CDPSE · Question #302
A travel agency wants to introduce a new cloud application for customers to access while traveling. Which of the following would BEST help to protect the application against unauthorized access?
The correct answer is D. Secure login with multi-factor authentication (MFA).. Multi-factor authentication (MFA) is the best control against unauthorized access because it requires attackers to compromise multiple independent factors, not just stolen credentials.
Question
A travel agency wants to introduce a new cloud application for customers to access while traveling. Which of the following would BEST help to protect the application against unauthorized access?
Options
- ABlock login from known malicious Internet Protocol (IP) addresses.
- BProtect the login with a web application firewall (WAF).
- CRestrict login to permissible destinations based on IP geolocation.
- DSecure login with multi-factor authentication (MFA).
How the community answered
(35 responses)- A9% (3)
- B6% (2)
- C3% (1)
- D83% (29)
Why each option
Multi-factor authentication (MFA) is the best control against unauthorized access because it requires attackers to compromise multiple independent factors, not just stolen credentials.
Blocking known malicious IP addresses is a useful supplementary control but is ineffective against attackers using clean IPs, residential proxies, or VPNs, and does not protect against compromised credentials.
A web application firewall protects against web-layer attacks such as SQL injection and XSS but is not specifically designed to prevent unauthorized login using valid or stolen credentials.
IP geolocation restrictions would be counterproductive for a travel agency whose customers legitimately log in from many international destinations and would not prevent attackers in permitted regions from gaining unauthorized access.
MFA requires users to present two or more verification factors - such as a password combined with a one-time passcode or biometric - making credential theft alone insufficient for unauthorized access. For a travel agency application used globally by customers, MFA protects all accounts regardless of location or network, directly addressing the unauthorized access threat. It is the most universally effective technical control for preventing account compromise.
Concept tested: Multi-factor authentication to prevent unauthorized cloud access
Source: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mfa-howitworks
Topics
Community Discussion
No community discussion yet for this question.