
CS0-003 Exam - Question 227


A security analyst received an alert regarding multiple successful MFA log-ins for a particular user. When reviewing the authentication logs, the analyst sees the following:

Which of the following are most likely occurring, based on the MFA logs? (Choose two.)

Correct Answer: BCD

Given the scenario provided, several factors must be considered to identify the most likely security issues. First, the occurrence of multiple successful MFA log-ins from geographically disparate locations within a very short time frame indicates a situation of 'impossible geo-velocity' — it is physically impossible for the same user to log in from the United States and Russia within minutes. Second, frequent successful MFA log-ins suggest that the user might be unknowingly giving access, potentially due to push phishing, where the victim is tricked into approving fraudulent MFA requests. Therefore, the two most likely occurrences are impossible geo-velocity and push phishing.

Discussion

3 comments
Cybernie_Sanders
Jun 24, 2024

You couldn't be up to them...

projectgtr Options: CD
Jul 8, 2024

C. Impossible geo-velocity: can't have made it from USA to Russia in 1 min.
D. Subscriber identity module swapping: Same with the device, SIM must have been cloned.

LB54 Options: BC
Jul 18, 2024

Based on the MFA logs provided in the image, the most likely occurrences are:

C. Impossible geo-velocity: The logs show logins from geographically distant locations (United States and Russia) within a short time frame, which is not physically possible.

B. Push phishing: Multiple successful MFA log-ins suggest that someone might be tricking the user into approving authentication requests.

Push phishing is a better option because it aligns more closely with the observed pattern of multiple successful MFA log-ins from different locations, suggesting the user might be unknowingly approving fraudulent requests. SIM swapping would not account for the impossible geo-velocity observed in the logs.