To mitigate password replay risks in a SaaS deployment, which security measure provides the strongest protection?

Enhance your skills for the CompTIA Cloud+ exam. Prepare with interactive quizzes, detailed explanations, and real exam simulations. Set the stage for your cloud certification success!

Multiple Choice

To mitigate password replay risks in a SaaS deployment, which security measure provides the strongest protection?

Explanation:

Two-factor authentication adds a second, independent credential beyond the password. In a SaaS environment a password alone can be captured and reused later in a replay attack. With two-factor authentication the attacker also needs the second factor, such as a one-time code from an authenticator app, a hardware token, or a biometric check, and that factor either changes on every login or is bound to the specific session, so a captured value is useless once its short validity window passes or once it has been consumed. Simply reusing a stolen password is therefore not enough to gain access. One caveat worth keeping in mind: a time-based code is short-lived but not single-use by itself, so the server should also refuse a code it has already accepted within the current window, and a code relayed in real time by an adversary-in-the-middle remains valid until it expires. Challenge-response authenticators such as FIDO2/WebAuthn close that gap by signing a fresh server challenge that is bound to the origin and to the session.

The other options do not provide the same protection against replay. Relying on the destination resource to authenticate changes where the credential is checked, not whether a replayed credential is accepted. Removing administrator privileges limits what a replayed credential can do but does not stop it from being accepted for the resources the account is still allowed to reach. Combining network authentication and physical access in a single card or token can be strong, but on its own that token is still one factor (something you have); without a separate second factor (something you know or something you are) it is not as robust against replay as true two-factor authentication.
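The replay-resistance argument above can be made concrete with a small server-side login check. The following is an added example, not code from the quiz page or from any vendor: it implements password plus TOTP (RFC 6238, HMAC-SHA1, 30-second step) and records the highest counter already accepted so that a captured code is rejected both after its window expires and when it is replayed inside the same window. The secret (the RFC test-vector seed), the password, the fixed salt and the timeline are constructed demo values; a real deployment would provision a random per-user seed and salt.

```python
"""Added example: password + TOTP (RFC 6238) login check that refuses replays.

Not code from the quiz page or from any vendor; the secret, password, salt and
timeline below are constructed demo values."""
import hashlib
import hmac
import struct

STEP = 30        # TOTP time step in seconds
DIGITS = 6
SKEW_STEPS = 1   # also accept the previous step, to tolerate small clock drift

# RFC 4226/6238 test-vector seed, used here only so the codes are checkable
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret: bytes, now: int, step: int = STEP) -> str:
    """TOTP (RFC 6238): HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, now // step)


class Account:
    """Server-side record: salted password hash, TOTP seed, and the highest
    counter already accepted, so a captured code cannot be reused even inside
    its 30-second validity window."""

    def __init__(self, password: str, totp_secret: bytes):
        self.salt = b"demo-salt-not-random"   # constructed; use os.urandom in practice
        self.pw_hash = self._hash(password)
        self.totp_secret = totp_secret
        self.last_counter = -1

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password: str, code: str, now: int) -> tuple:
        """Return (accepted, reason). The password is checked first, then the
        code against the current step and SKEW_STEPS earlier ones, skipping any
        counter value that has already been consumed."""
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return False, "bad password"
        counter = now // STEP
        for c in range(counter, counter - SKEW_STEPS - 1, -1):
            if c <= self.last_counter:
                continue                        # already consumed: replay
            if hmac.compare_digest(hotp(self.totp_secret, c), code):
                self.last_counter = c           # burn this counter value
                return True, "ok"
        return False, "bad, expired or replayed code"


def replay_scenario() -> dict:
    """Timeline: a legitimate user logs in once; an attacker who captured that
    password and code tries to reuse them. Returns accepted/rejected per step."""
    pw = "correct horse battery staple"          # constructed demo password
    acct = Account(pw, DEMO_SECRET)
    captured_code = totp(DEMO_SECRET, 59)       # what the attacker sniffed at t=59
    return {
        "user_login_t59": acct.login(pw, captured_code, 59)[0],
        "replay_same_step_t59": acct.login(pw, captured_code, 59)[0],
        "replay_next_step_t75": acct.login(pw, captured_code, 75)[0],
        "replay_later_t200": acct.login(pw, captured_code, 200)[0],
        "password_only_t200": acct.login(pw, "000000", 200)[0],
        "user_login_t200": acct.login(pw, totp(DEMO_SECRET, 200), 200)[0],
    }


if __name__ == "__main__":
    for step, ok in replay_scenario().items():
        print(f"{step}: {'accepted' if ok else 'rejected'}")
```

Only the first and last logins succeed: the replayed code is refused in the same step because its counter has been burned, in the next step because the burned counter is excluded from the skew window, and later because the code no longer matches any candidate counter. The `last_counter` bookkeeping is the part most implementations forget; without it the code is "short-lived" but still replayable for up to a minute.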
