Prepare for the CompTIA Cloud+ Exam with our interactive tests. Access diverse question formats with detailed explanations for each answer. Ace your exam!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



What is the BEST method to mitigate the risk of password replay attacks in a multi-tenant SaaS application?

  1. Implement destination resources authentication.

  2. Require and implement two-factor authentication.

  3. Remove administrator privileges from users' laptops.

  4. Combine network authentication and physical security in one card/token.

The correct answer is: Require and implement two-factor authentication.

Requiring and implementing two-factor authentication is the best method to mitigate the risk of password replay attacks in a multi-tenant SaaS application. Two-factor authentication enhances account security by adding a layer beyond just the username and password.

In a password replay attack, cybercriminals capture and reuse valid credentials to gain unauthorized access to a system. By implementing two-factor authentication, even if an attacker obtains the user's password, they will still need the second factor, which is typically something the user has on them (like a smartphone for an authentication app or a hardware token), to complete the login process successfully. This significantly decreases the chances of unauthorized access, as it's not enough for the attacker to possess just the username and password.

While the other methods proposed may contribute to overall security in varying ways, they do not specifically target the unique threat posed by password replay attacks as effectively. For example, destination resources authentication and network authentication can enhance security but might not address replay attacks directly. Removing administrator privileges can improve security on the user's device but doesn't prevent an attacker from using captured credentials. Combining network authentication and physical security can enhance security posture but lacks the specific focus on mitigating the replay attack scenario. Two-factor authentication, with its layering effect, stands out as