An organization was compromised, and the usernames and passwords of all employees were leaked online. Which of the following best describes the remediation that could reduce the impact of this situation?
To reduce the impact of leaked usernames and passwords, implementing multifactor authentication (MFA) is the most effective measure. Even if attackers have the correct usernames and passwords, MFA requires an additional verification factor, such as a one-time code sent to a mobile device or a biometric scan, making it significantly harder for unauthorized access. This provides a robust security layer that passwords alone cannot offer.
Another excellent question from CompTIA. How do you sweeten your tea? 1 - Pour hot water and add sugar; or 2 - Add sugar and pour hot water.
Implementing MFA immediately after a credential leak doesn't make sense because attackers could use the leaked credentials to set up MFA on their own devices. The most immediate and effective response is to enforce password changes to neutralize the compromised credentials.
From ChatGPT: Multifactor authentication (MFA) is the best immediate remediation to reduce the impact of the leaked credentials. It ensures that even if attackers have the correct usernames and passwords, they cannot easily gain access without the second authentication factor. This significantly enhances security and mitigates the risk of unauthorized access. Password changes: While requiring all employees to change their passwords is an important step, it is not sufficient on its own. Attackers could still use other compromised credentials or intercept new passwords. Without additional measures, simply changing passwords does not fully mitigate the risk.
B. Password changes. You can't put a lock (MFA) after the thief is in your house, it's useless. You need to first fix the problem: thief in your house (password leak), and then you can add the lock (MFA). This question is asking about remediation, what you can do to fix the mess of the passwords being leaked, so: change them all. It's not asking how to make it harder for someone with the leaked passwords to access the service.
Password Changes (B): This is the most immediate action that can be taken to prevent unauthorized access using the leaked usernames and passwords. Once the passwords are changed, the leaked information becomes outdated and can't be used for unauthorized access.
The leaked information is not outdated with a password change. The username is still valid. The option said, "change password". A brute force attack could compromise the system. MFA, however, adds another level of protection.
B is the fastest and cheapest method. My experience with CompTIA is that they tend to treat the cheapest answer as the "best" answer. Not to mention they could implement MFA later, but in the immediate they must change the passwords.
The trick in this question is that they want to see what your immediate response would be as a security analyst, NOT secondary response. "Change passwords" = Immediate response. Add MFA = Secondary response in this case and for this question. Password encryption and hardening may be implemented later. But, when the damage has been done, they are asking for immediate remediation, which, in this case, is to change passwords. Hope this helps.
B) Password changes. Think about it. A user calls in and says they believe their password was compromised. What's the first thing you tell them to do? Change your password. Changing the passwords would invalidate the leaked data. After that, you can implement MFA. Implementing MFA prior to changing the data makes no sense, since the attackers already have 1/2 the information needed to sign in.
Password Reset: Promptly reset the passwords of all affected user accounts. Ensure that the new passwords meet strong security requirements (length, complexity, uniqueness). Multifactor Authentication (MFA): Implement or enforce MFA for all user accounts. MFA adds an extra layer of protection by requiring additional verification beyond passwords. User Communication: Communicate with all employees about the incident transparently and provide clear instructions on password reset procedures. Emphasize the importance of not reusing passwords across multiple accounts.
I agree that the prior existence of MFA is best, but as a remediation, wouldn't MFA be more effective than just changing the password, since the vulnerability still exists? The attacker could just steal the new passwords, but they couldn't steal fingerprints, etc...
Only the existence of multifactor authentication adds extra protection and ensures that even if the attacker gets a username and password, he cannot access the systems.
Implementing MFA adds an extra layer of security beyond just passwords. Even if usernames and passwords are compromised, an attacker would still need an additional authentication factor (such as a one-time code sent to a mobile device or a biometric scan) to gain access to accounts. MFA significantly reduces the risk of unauthorized access, even with leaked credentials.
Multifactor authentication (MFA) is a security method that requires users to provide two or more pieces of evidence to verify their identity, such as a password, a PIN, a fingerprint, or a one-time code. MFA can reduce the impact of a credential leak because even if the attackers have the usernames and passwords of the employees, they would still need another factor to access the organization's systems and resources. Password changes, system hardening, and password encryption are also good security practices, but they do not address the immediate threat of compromised credentials.
To remediate, password changes would make most sense.
I vote A because it's asking for improvement. Option B will just have the same level of protection, but of course it's undeniably important that everyone should change their passwords following this event.
Not all systems support MFA. I think only B can respond immediately.
This should have been answered with an "order of steps" answer. According to FRSecure, the steps are: 1. Change passwords. 2. Enable MFA. 3. Disable remote login. 4. Revoke tokens. That makes more sense because no one is going to do just one thing about it.