An organization was compromised, and the usernames and passwords of all employees were leaked online. Which of the following best describes the remediation that could reduce the impact of this situation?
Implementing MFA immediately after a credential leak doesn't make sense because attackers could use the leaked credentials to set up MFA on their own devices. The most immediate and effective response is to enforce password changes to neutralize the compromised credentials.
This is just my opinion. Multifactor authentication (MFA) would immediately mitigate the risk of attackers using stolen credentials, as they would lack the second authentication factor.
CompTIA emphasizes preventative and layered security controls, especially those that:
Mitigate future risk
Prevent the reuse of stolen credentials
Are aligned with best practices (like zero trust and defense in depth)
MFA is often considered a strategic control that makes leaked passwords far less dangerous.
B is the correct answer. As cartman_sc mentioned, if the password issue is not immediately remediated before setting up MFA, attackers can use the leaked credentials to set up MFA on their own devices, rendering the MFA useless.
If you're compromised then the best immediate remediation would be to force all employees to change their passwords immediately to regain control of their accounts and implement multi-factor authentication afterwards for extra security.
While changing passwords is necessary, attackers may have already accessed accounts before the passwords are changed. Also, users might reuse passwords elsewhere.
Correct Answer: A. Multifactor authentication
Analysis: Multifactor authentication (MFA) is the best remediation to reduce the impact of this situation. MFA adds an additional layer of security by requiring a second form of verification (such as a code sent to a phone) in addition to the password. This ensures that even if passwords are compromised, unauthorized access is still prevented.
Explanation of Other Options:
B. Password changes: While changing passwords is necessary and should be done immediately, it does not address the fundamental issue of providing an additional layer of security against future compromises.
C. System hardening: This involves securing systems by reducing their surface of vulnerability, but it doesn't directly address the immediate threat posed by the leaked credentials.
D. Password encryption: Ideally, passwords should already be encrypted. However, once passwords are leaked, encryption cannot reverse the compromise.
While necessary after a compromise, changing passwords alone does not address the risk of attackers using the credentials before the change. MFA adds an additional layer of protection.
While important, changing passwords alone won’t fully mitigate the risk, as passwords could be leaked again or reused elsewhere. MFA provides ongoing protection even if passwords are compromised.
B. Password changes best describes the immediate remediation that could reduce the impact of this situation. Changing passwords ensures that the leaked credentials are no longer valid, preventing unauthorized access.
Multifactor authentication (A) is also a strong security measure but is more of a preventive control rather than an immediate remediation. System hardening and password encryption (D) are important security practices but do not directly address the immediate need to invalidate the compromised credentials.
From ChatGPT: Multifactor authentication (MFA) is the best immediate remediation to reduce the impact of the leaked credentials. It ensures that even if attackers have the correct usernames and passwords, they cannot easily gain access without the second authentication factor. This significantly enhances security and mitigates the risk of unauthorized access.
Password changes: While requiring all employees to change their passwords is an important step, it is not sufficient on its own. Attackers could still use other compromised credentials or intercept new passwords. Without additional measures, simply changing passwords does not fully mitigate the risk.
Implementing MFA adds an extra layer of security beyond just passwords. Even if usernames and passwords are compromised, an attacker would still need an additional authentication factor (such as a one-time code sent to a mobile device or a biometric scan) to gain access to accounts. MFA significantly reduces the risk of unauthorized access, even with leaked credentials.
B is the fastest and cheapest method. My experience with CompTIA is that they tend to treat the cheapest answer as the "best" answer. Not to mention they could implement MFA later, but in the immediate term they must change the passwords.
Multifactor authentication (MFA) is a security method that requires users to provide two or more pieces of evidence to verify their identity, such as a password, a PIN, a fingerprint, or a one-time code. MFA can reduce the impact of a credential leak because even if the attackers have the usernames and passwords of the employees, they would still need another factor to access the organization's systems and resources. Password changes, system hardening, and password encryption are also good security practices, but they do not address the immediate threat of compromised credentials.
B. Password changes.
You can't put a lock (MFA) after the thief is in your house, it's useless. You need to first fix the problem: thief in your house (password leak), and then you can add the lock (MFA).
This question is asking about remediation, what you can do to fix the mess of the passwords being leaked, so: change them all. It's not asking how to make it harder for someone with the leaked passwords to access the service.
The trick in this question is that they want to see what your immediate response would be as a security analyst, NOT your secondary response. "Change passwords" = immediate response. "Add MFA" = secondary response in this case and for this question. Password encryption and hardening may be implemented later. But, when the damage has been done, they are asking for immediate remediation which, in this case, is to change passwords. Hope this helps.
CS0-003 Exam Questions
Sebatian20 (Highly Voted) 1 year, 4 months ago
cartman_sc (Highly Voted) 10 months, 2 weeks ago
cj207800 (Most Recent) 3 days, 3 hours ago
f90ecff, 1 week, 1 day ago
noa808a, 1 week, 2 days ago
DARKVEGETA, 2 months, 1 week ago
SAMIcho, 2 months, 1 week ago
luiiizsoares, 5 months, 1 week ago
Serac, 6 months, 3 weeks ago
cy_analyst, 6 months, 3 weeks ago
cy_analyst, 6 months, 2 weeks ago
nap61, 9 months, 2 weeks ago
KingCyber, 11 months, 2 weeks ago
BanesTech, 1 year ago
8eff281, 1 year ago
jjkylin, 1 year ago
bettyboo, 1 year, 1 month ago
Instguy, 1 year, 2 months ago