
CV0-003 · Question #294

CV0-003 Question #294: Real Exam Question with Answer & Explanation

The correct answer is B: Require and implement two-factor authentication. Two-factor authentication prevents password replay attacks by requiring a time-sensitive or single-use second factor that an attacker cannot reuse even after intercepting the password credential.

Security

Question

An organization is replacing its internal human resources system with a SaaS-based application. The solution is multi-tenant, and the organization wants to ensure ubiquitous access while preventing password replay attacks. Which of the following would BEST help to mitigate the risk?

Options

  • A. Implement destination resources authentication.
  • B. Require and implement two-factor authentication.
  • C. Remove administrator privileges from users' laptops.
  • D. Combine network authentication and physical security in one card/token.

Explanation

Two-factor authentication prevents password replay attacks by requiring a time-sensitive or single-use second factor that an attacker cannot reuse even after intercepting the password credential.

Common mistakes.

  • A. Destination resource authentication is a generic access-control concept that does not inherently produce one-time or time-bound credentials, so it does not block an attacker from successfully replaying a captured credential.
  • C. Removing local administrator privileges reduces the risk of malware escalation on endpoints but does not prevent an attacker from replaying captured SaaS credentials against a remotely hosted application.
  • D. A combined physical-and-network authentication card requires physical card possession and is designed for on-premises or badge-access scenarios, making it incompatible with the ubiquitous access requirement of a SaaS deployment.
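The replay resistance described in the explanation above, shown as an added example that is not part of the original page: a TOTP second factor (RFC 6238) checked by a verifier that consumes each time step once. `LoginService`, `demo`, the password, the shared secret and the clock values are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class LoginService:
    """Hypothetical SaaS login endpoint; all names are illustrative."""

    def __init__(self, password_hash: bytes, secret: bytes):
        self.password_hash = password_hash
        self.secret = secret
        self.last_step = -1  # highest time step already consumed

    def password_only(self, password: str) -> bool:
        # SHA-256 stands in for a real salted, slow password hash.
        digest = hashlib.sha256(password.encode()).digest()
        return hmac.compare_digest(digest, self.password_hash)

    def two_factor(self, password: str, code: str, now: int) -> bool:
        if not self.password_only(password):
            return False
        step = now // STEP
        if step <= self.last_step:  # code for this step was already used
            return False
        if not hmac.compare_digest(code, totp(self.secret, now)):
            return False
        self.last_step = step  # mark the step consumed (single use)
        return True

def demo() -> dict:
    # Constructed sample data: password, shared secret and clock values.
    secret, password, t0 = b"constructed-secret", "Corr3ct-Horse", 1_700_000_000
    svc = LoginService(hashlib.sha256(password.encode()).digest(), secret)
    captured = (password, totp(secret, t0))  # what an eavesdropper records
    return {
        "legit_login": svc.two_factor(*captured, now=t0),
        "replay_same_window": svc.two_factor(*captured, now=t0 + 5),
        "replay_next_window": svc.two_factor(*captured, now=t0 + STEP),
        "password_only_replay": svc.password_only(captured[0]),
    }
```

Verifiers that tolerate clock drift by accepting adjacent time steps need the same consumed-step check, otherwise a captured code stays replayable for the whole tolerance window.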

Concept tested. Two-factor authentication preventing credential replay attacks

Reference. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mfa-howitworks

Topics

#multi-factor authentication #password replay attacks #SaaS security #MFA
