
CS0-003 Exam - Question 120


An organization was compromised, and the usernames and passwords of all employees were leaked online. Which of the following best describes the remediation that could reduce the impact of this situation?

Correct Answer: A

To reduce the impact of leaked usernames and passwords, implementing multifactor authentication (MFA) is the most effective measure. Even if attackers have the correct usernames and passwords, MFA requires an additional verification factor, such as a one-time code sent to a mobile device or a biometric scan, making unauthorized access significantly harder. This provides a robust security layer that passwords alone cannot offer.

Discussion

29 comments
Sebatian20
Dec 21, 2023

Another excellent question from Comptia. How do you sweeten your tea? 1 - Pour hot water and add sugar; or 2 - Add sugar and pour hot water.

cartman_sc (Option: B)
Jun 16, 2024

Implementing MFA immediately after a credential leak doesn't make sense because attackers could use the leaked credentials to set up MFA on their own devices. The most immediate and effective response is to enforce password changes to neutralize the compromised credentials.

bettyboo (Option: B)
Mar 16, 2024

B. Password changes. You can't put a lock (MFA) on after the thief is in your house; it's useless. You need to first fix the problem: thief in your house (password leak), and then you can add the lock (MFA). This question is asking about remediation, what you can do to fix the mess of the passwords being leaked, so: change them all. It's not asking how to make it harder for someone with the leaked passwords to access the service.

chaddman
Oct 30, 2023

Password Changes (B): This is the most immediate action that can be taken to prevent unauthorized access using the leaked usernames and passwords. Once the passwords are changed, the leaked information becomes outdated and can't be used for unauthorized access.

JBAnalyst
Dec 18, 2023

The leaked information is not outdated with a password change. The username is still valid. The option said "change password". A brute force attack could compromise the system. MFA, however, adds another level of protection.

Instguy
Feb 27, 2024

The trick in this question is that they want to see what your immediate response would be as a security analyst, NOT the secondary response. "Change passwords" = immediate response. "Add MFA" = secondary response in this case and for this question. Password encryption and hardening may be implemented later. But when the damage has been done, they are asking for immediate remediation, which, in this case, is to change passwords. Hope this helps.

8eff281 (Option: B)
Apr 16, 2024

B is the fastest and cheapest method. My experience with CompTIA is that they tend to treat the cheapest answer as the "best" answer. Not to mention they could implement MFA later, but in the immediate term they must change the passwords.

KingCyber (Option: A)
May 18, 2024

From Chatgpt: Multifactor authentication (MFA) is the best immediate remediation to reduce the impact of the leaked credentials. It ensures that even if attackers have the correct usernames and passwords, they cannot easily gain access without the second authentication factor. This significantly enhances security and mitigates the risk of unauthorized access. Password changes: While requiring all employees to change their passwords is an important step, it is not sufficient on its own. Attackers could still use other compromised credentials or intercept new passwords. Without additional measures, simply changing passwords does not fully mitigate the risk.

[Removed] (Option: B)
Nov 23, 2023

B) Password changes. Think about it. A user calls in and says they believe their password was compromised. What's the first thing you tell them to do? Change your password. Changing the passwords would invalidate the leaked data. After that, you can implement MFA. Implementing MFA prior to changing the data makes no sense, since the attackers already have 1/2 the information needed to sign in.

nap61 (Option: B)
Jul 20, 2024

B. Password changes best describes the immediate remediation that could reduce the impact of this situation. Changing passwords ensures that the leaked credentials are no longer valid, preventing unauthorized access. Multifactor authentication (A) is also a strong security measure but is more of a preventive control rather than an immediate remediation. System hardening and password encryption (D) are important security practices but do not directly address the immediate need to invalidate the compromised credentials.

Serac (Option: B)
Oct 10, 2024

I would go with forcing Password Changes, since it would be easier and quicker to implement than MFA if it isn't already in place.

DARKVEGETA (Option: B)
Feb 22, 2025

If you're compromised then the best immediate remediation would be to force all employees to change their passwords immediately to regain control of their accounts and implement multi-factor authentication afterwards for extra security.

ms123451 (Option: A)
Sep 3, 2023

Users can reuse the same password on a password change; MFA will make the leak useless since they need another form of authentication.

stolleryp
Sep 9, 2023

But then MFA would be mitigation not remediation. To remediate, password changes would make most sense.

kmordalv
Sep 14, 2023

The question said "the remediation that could reduce the impact of this situation". Password changes would be a good option if users were aware of the security breach. If attackers already have a password, they could easily figure out the new password (PEBKAC error). Password encryption is essential for storing passwords securely, but it doesn't prevent unauthorized access when passwords are already compromised. Only the existence of multifactor authentication adds extra protection and ensures that even if the attacker gets a username and password, he cannot access the systems.


kmordalv (Option: A)
Sep 14, 2023

Only the existence of multifactor authentication adds extra protection and ensures that even if the attacker gets a username and password, he cannot access the systems.

Hedwig74
Oct 22, 2023

I agree that the prior existence of MFA is best, but as a remediation, wouldn't MFA be more effective than just changing the password, since the vulnerability still exists? The attacker could just steal the new passwords, but they couldn't steal fingerprints, etc...

ha33yp0tt3r69 (Option: B)
Jan 8, 2024

Password Reset: Promptly reset the passwords of all affected user accounts. Ensure that the new passwords meet strong security requirements (length, complexity, uniqueness).
Multifactor Authentication (MFA): Implement or enforce MFA for all user accounts. MFA adds an extra layer of protection by requiring additional verification beyond passwords.
User Communication: Communicate with all employees about the incident transparently and provide clear instructions on password reset procedures. Emphasize the importance of not reusing passwords across multiple accounts.

noa808a (Option: B)
Apr 21, 2025

B is the correct answer. As cartman_sc mentioned, if the password issue is not immediately remediated before setting up MFA, attackers can use the leaked credentials to set up MFA on their own devices, rendering the MFA useless.

Hedwig74
Oct 23, 2023

This should have been answered with an "order of steps" answer. According to FRSecure, the steps are: 1. Change passwords. 2. Enable MFA. 3. Disable remote login. 4. Revoke tokens. That makes more sense because no one is going to do just one thing about it.
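
The response order described in the comments above (reset the leaked passwords first, revoke open sessions and tokens, then treat MFA as untrusted if it was enrolled while the leaked password was still valid, the concern raised by cartman_sc and noa808a), as an added example that is not part of the question, its answer key, or any comment. The account store, the session ids and the timestamps are constructed sample data; the `Account` class and the `respond_to_leak` function are hypothetical names for this illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

@dataclass
class Account:
    username: str
    password_changed_at: datetime                 # when the current password was set
    mfa_enrolled_at: Optional[datetime] = None    # None means no MFA factor enrolled yet
    sessions: list = field(default_factory=list)  # ids of live sessions / refresh tokens
    must_reset_password: bool = False

def mfa_enrolled_with_leaked_password(acct: Account, leak_time: datetime) -> bool:
    """True if the MFA factor was enrolled while the leaked password was still valid."""
    if acct.mfa_enrolled_at is None or acct.mfa_enrolled_at < leak_time:
        return False
    # The leaked password stays valid until the next password change, if there was one.
    return (acct.password_changed_at <= leak_time
            or acct.mfa_enrolled_at < acct.password_changed_at)

def respond_to_leak(accounts, leaked_usernames, leak_time):
    report = {"reset": [], "revoked_sessions": 0, "suspicious_mfa": [], "needs_mfa": []}
    for acct in accounts:
        if acct.username not in leaked_usernames:
            continue
        # Step 1: invalidate the leaked password unless it was already rotated after the leak.
        if acct.password_changed_at <= leak_time:
            acct.must_reset_password = True
            report["reset"].append(acct.username)
        # Step 2: a password change does not end sessions an attacker may already hold.
        report["revoked_sessions"] += len(acct.sessions)
        acct.sessions.clear()
        # Step 3: an MFA factor enrolled under the leaked password may be the attacker's device.
        if mfa_enrolled_with_leaked_password(acct, leak_time):
            acct.mfa_enrolled_at = None
            report["suspicious_mfa"].append(acct.username)
        if acct.mfa_enrolled_at is None:          # enrol (or re-enrol) MFA after the reset
            report["needs_mfa"].append(acct.username)
    return report

def ts(s):  # helper for the constructed UTC timestamps below
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)

LEAK_TIME = ts("2025-03-01T00:00:00")
SAMPLE_ACCOUNTS = [  # constructed sample data, not real users
    Account("alice", ts("2025-01-01T00:00:00"), None, ["s1", "s2"]),
    Account("bob", ts("2025-01-01T00:00:00"), ts("2025-03-02T00:00:00")),
    Account("carol", ts("2025-03-03T00:00:00"), ts("2025-03-04T00:00:00"), ["s3"]),
    Account("dave", ts("2025-02-01T00:00:00"), ts("2025-02-15T00:00:00")),
    Account("erin", ts("2025-01-01T00:00:00")),  # not in the leak
]
LEAKED = {"alice", "bob", "carol", "dave"}
```

Running `respond_to_leak(SAMPLE_ACCOUNTS, LEAKED, LEAK_TIME)` resets alice, bob and dave, leaves carol alone because she already rotated her password after the leak, and flags bob's MFA, which was enrolled while his leaked password was still valid.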

LOMCLOTRMC (Option: B)
Dec 2, 2023

Not all systems support MFA. I think only B can respond immediately.

deeden (Option: A)
Dec 4, 2023

I vote A because it's asking for improvement. Option B will just have the same level of protection, but of course it's undeniably important that everyone should change their passwords following this event.

ekoetter (Option: B)
Dec 18, 2023

To remediate, password changes would make most sense.

jjkylin (Option: A)
Apr 10, 2024

Multifactor authentication (MFA) is a security method that requires users to provide two or more pieces of evidence to verify their identity, such as a password, a PIN, a fingerprint, or a one-time code. MFA can reduce the impact of a credential leak because even if the attackers have the usernames and passwords of the employees, they would still need another factor to access the organization's systems and resources. Password changes, system hardening, and password encryption are also good security practices, but they do not address the immediate threat of compromised credentials.

BanesTech (Option: A)
Apr 18, 2024

Implementing MFA adds an extra layer of security beyond just passwords. Even if usernames and passwords are compromised, an attacker would still need an additional authentication factor (such as a one-time code sent to a mobile device or a biometric scan) to gain access to accounts. MFA significantly reduces the risk of unauthorized access, even with leaked credentials.

cy_analyst (Option: A)
Oct 5, 2024

While necessary after a compromise, changing passwords alone does not address the risk of attackers using the credentials before the change. MFA adds an additional layer of protection.

cy_analyst
Oct 14, 2024

While important, changing passwords alone won’t fully mitigate the risk, as passwords could be leaked again or reused elsewhere. MFA provides ongoing protection even if passwords are compromised.

luiiizsoares (Option: A)
Nov 25, 2024

Correct Answer: A. Multifactor authentication
Analysis: Multifactor authentication (MFA) is the best remediation to reduce the impact of this situation. MFA adds an additional layer of security by requiring a second form of verification (such as a code sent to a phone) in addition to the password. This ensures that even if passwords are compromised, unauthorized access is still prevented.
Explanation of Other Options:
B. Password changes: While changing passwords is necessary and should be done immediately, it does not address the fundamental issue of providing an additional layer of security against future compromises.
C. System hardening: This involves securing systems by reducing their surface of vulnerability, but it doesn't directly address the immediate threat posed by the leaked credentials.
D. Password encryption: Ideally, passwords should already be encrypted. However, once passwords are leaked, encryption cannot reverse the compromise.

SAMIcho (Option: A)
Feb 16, 2025

While changing passwords is necessary, attackers may have already accessed accounts before the passwords are changed. Also, users might reuse passwords elsewhere.

f90ecff (Option: A)
Apr 22, 2025

CompTIA emphasizes preventative and layered security controls, especially those that:
- Mitigate future risk
- Prevent the reuse of stolen credentials
- Are aligned with best practices (like zero trust and defense in depth)
MFA is often considered a strategic control that makes leaked passwords far less dangerous.

cj207800 (Option: A)
Apr 28, 2025

This is just my opinion. Multifactor authentication (MFA) would immediately mitigate the risk of attackers using stolen credentials, as they would lack the second authentication factor.

Only12go (Option: A)
May 1, 2025

Domain 4.2 – “Recommend appropriate response and recovery strategies.” Lists implementing MFA (multifactor / strong authentication) as a primary response to credential-compromise situations. Domain 1.5 – “Explain the importance of awareness training.” Discusses credential reuse, credential-stuffing, and why organizations should adopt MFA to reduce the blast-radius of a leaked password set.

friendlyneighborhoodITguy (Option: A)
May 4, 2025

Groq, Gemini, ChatGPT, and Copilot - A. The best option to reduce the impact of this situation is A. Multifactor authentication (MFA). While password changes (B) are important and should be done immediately, they don’t fully mitigate the risk if attackers already have access or use credentials elsewhere. System hardening (C) improves overall security posture but doesn’t directly address credential leaks. Password encryption (D) is a preventive measure, but once credentials are leaked, encryption won’t help. Multifactor authentication adds an extra layer of security, making it much harder for attackers to access accounts even if they have stolen usernames and passwords. Organizations should enforce MFA across all critical systems to reduce the risk of unauthorized access.