nerdexam
Isaca

CDPSE · Question #302

A travel agency wants to introduce a new cloud application for customers to access while traveling. Which of the following would BEST help to protect the application against unauthorized access?

The correct answer is D. Secure login with multi-factor authentication (MFA).. Multi-factor authentication (MFA) is the best control against unauthorized access because it requires attackers to compromise multiple independent factors, not just stolen credentials.

Privacy Architecture

Question

A travel agency wants to introduce a new cloud application for customers to access while traveling. Which of the following would BEST help to protect the application against unauthorized access?

Options

  • ABlock login from known malicious Internet Protocol (IP) addresses.
  • BProtect the login with a web application firewall (WAF).
  • CRestrict login to permissible destinations based on IP geolocation.
  • DSecure login with multi-factor authentication (MFA).

How the community answered

(35 responses)
  • A
    9% (3)
  • B
    6% (2)
  • C
    3% (1)
  • D
    83% (29)

Why each option

Multi-factor authentication (MFA) is the best control against unauthorized access because it requires attackers to compromise multiple independent factors, not just stolen credentials.

ABlock login from known malicious Internet Protocol (IP) addresses.

Blocking known malicious IP addresses is a useful supplementary control but is ineffective against attackers using clean IPs, residential proxies, or VPNs, and does not protect against compromised credentials.

BProtect the login with a web application firewall (WAF).

A web application firewall protects against web-layer attacks such as SQL injection and XSS but is not specifically designed to prevent unauthorized login using valid or stolen credentials.

CRestrict login to permissible destinations based on IP geolocation.

IP geolocation restrictions would be counterproductive for a travel agency whose customers legitimately log in from many international destinations and would not prevent attackers in permitted regions from gaining unauthorized access.

DSecure login with multi-factor authentication (MFA).Correct

MFA requires users to present two or more verification factors - such as a password combined with a one-time passcode or biometric - making credential theft alone insufficient for unauthorized access. For a travel agency application used globally by customers, MFA protects all accounts regardless of location or network, directly addressing the unauthorized access threat. It is the most universally effective technical control for preventing account compromise.

Concept tested: Multi-factor authentication to prevent unauthorized cloud access

Source: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mfa-howitworks

Topics

#Multi-factor Authentication#Access Control#Application Security#Cloud Security

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice