Exam CS0-003 topic 1 question 120 discussion

Actual exam question from CompTIA's CS0-003
Question #: 120
Topic #: 1

An organization was compromised, and the usernames and passwords of all employees were leaked online. Which of the following best describes the remediation that could reduce the impact of this situation?

  • A. Multifactor authentication
  • B. Password changes
  • C. System hardening
  • D. Password encryption
Suggested Answer: B 🗳️

Comments

Sebatian20
Highly Voted 1 year, 6 months ago
Another excellent question from CompTIA. How do you sweeten your tea? 1 - Pour hot water and add sugar; or 2 - Add sugar and pour hot water.
upvoted 73 times
cartman_sc
Highly Voted 1 year ago
Selected Answer: B
Implementing MFA immediately after a credential leak doesn't make sense because attackers could use the leaked credentials to set up MFA on their own devices. The most immediate and effective response is to enforce password changes to neutralize the compromised credentials.
upvoted 17 times
ybyttv
3 weeks, 1 day ago
Changing the password is the same. The attacker already has the password; they just change the password.
upvoted 1 times
ybyttv
Most Recent 3 weeks, 1 day ago
Selected Answer: A
Both A and B could reduce the impact. The question has two key things: remediation + reduce impact. Remediation is long term, which fixes the root cause. Adding MFA could fix the issue right away.
upvoted 1 times
friendlyneighborhoodITguy
1 month, 3 weeks ago
Selected Answer: A
Groq, Gemini, ChatGPT, and Copilot - A. The best option to reduce the impact of this situation is A. Multifactor authentication (MFA). While password changes (B) are important and should be done immediately, they don’t fully mitigate the risk if attackers already have access or use credentials elsewhere. System hardening (C) improves overall security posture but doesn’t directly address credential leaks. Password encryption (D) is a preventive measure, but once credentials are leaked, encryption won’t help. Multifactor authentication adds an extra layer of security, making it much harder for attackers to access accounts even if they have stolen usernames and passwords. Organizations should enforce MFA across all critical systems to reduce the risk of unauthorized access.
upvoted 1 times
Only12go
1 month, 4 weeks ago
Selected Answer: A
Domain 4.2 – “Recommend appropriate response and recovery strategies.” Lists implementing MFA (multifactor / strong authentication) as a primary response to credential-compromise situations. Domain 1.5 – “Explain the importance of awareness training.” Discusses credential reuse, credential-stuffing, and why organizations should adopt MFA to reduce the blast-radius of a leaked password set.
upvoted 1 times
cj207800
2 months ago
Selected Answer: A
This is just my opinion. Multifactor authentication (MFA) would immediately mitigate the risk of attackers using stolen credentials, as they would lack the second authentication factor.
upvoted 1 times
f90ecff
2 months ago
Selected Answer: A
CompTIA emphasizes preventative and layered security controls, especially those that:
  • Mitigate future risk
  • Prevent the reuse of stolen credentials
  • Are aligned with best practices (like zero trust and defense in depth)
MFA is often considered a strategic control that makes leaked passwords far less dangerous.
upvoted 2 times
noa808a
2 months, 1 week ago
Selected Answer: B
B is the correct answer. As cartman_sc mentioned, if the password issue is not immediately remediated before setting up MFA, attackers can use the leaked credentials to set up MFA on their own devices, rendering the MFA useless.
upvoted 2 times
DARKVEGETA
4 months ago
Selected Answer: B
If you're compromised then the best immediate remediation would be to force all employees to change their passwords immediately to regain control of their accounts and implement multi-factor authentication afterwards for extra security.
upvoted 3 times
SAMIcho
4 months, 1 week ago
Selected Answer: A
While changing the password is necessary, attackers may have already accessed accounts before the passwords are changed. Also, users might reuse passwords elsewhere.
upvoted 1 times
luiiizsoares
7 months ago
Selected Answer: A
Correct Answer: A. Multifactor authentication
Analysis: Multifactor authentication (MFA) is the best remediation to reduce the impact of this situation. MFA adds an additional layer of security by requiring a second form of verification (such as a code sent to a phone) in addition to the password. This ensures that even if passwords are compromised, unauthorized access is still prevented.
Explanation of Other Options:
  • B. Password changes: While changing passwords is necessary and should be done immediately, it does not address the fundamental issue of providing an additional layer of security against future compromises.
  • C. System hardening: This involves securing systems by reducing their surface of vulnerability, but it doesn't directly address the immediate threat posed by the leaked credentials.
  • D. Password encryption: Ideally, passwords should already be encrypted. However, once passwords are leaked, encryption cannot reverse the compromise.
upvoted 1 times
Serac
8 months, 3 weeks ago
Selected Answer: B
I would go with forcing Password Changes, since it would be easier and quicker to implement than MFA if it isn't already in place.
upvoted 3 times
cy_analyst
8 months, 3 weeks ago
Selected Answer: A
While necessary after a compromise, changing passwords alone does not address the risk of attackers using the credentials before the change. MFA adds an additional layer of protection.
upvoted 1 times
cy_analyst
8 months, 2 weeks ago
While important, changing passwords alone won’t fully mitigate the risk, as passwords could be leaked again or reused elsewhere. MFA provides ongoing protection even if passwords are compromised.
upvoted 1 times
nap61
11 months, 1 week ago
Selected Answer: B
B. Password changes best describes the immediate remediation that could reduce the impact of this situation. Changing passwords ensures that the leaked credentials are no longer valid, preventing unauthorized access. Multifactor authentication (A) is also a strong security measure but is more of a preventive control rather than an immediate remediation. System hardening and password encryption (D) are important security practices but do not directly address the immediate need to invalidate the compromised credentials.
upvoted 3 times
KingCyber
1 year, 1 month ago
Selected Answer: A
From ChatGPT: Multifactor authentication (MFA) is the best immediate remediation to reduce the impact of the leaked credentials. It ensures that even if attackers have the correct usernames and passwords, they cannot easily gain access without the second authentication factor. This significantly enhances security and mitigates the risk of unauthorized access.
Password changes: While requiring all employees to change their passwords is an important step, it is not sufficient on its own. Attackers could still use other compromised credentials or intercept new passwords. Without additional measures, simply changing passwords does not fully mitigate the risk.
upvoted 4 times
BanesTech
1 year, 2 months ago
Selected Answer: A
Implementing MFA adds an extra layer of security beyond just passwords. Even if usernames and passwords are compromised, an attacker would still need an additional authentication factor (such as a one-time code sent to a mobile device or a biometric scan) to gain access to accounts. MFA significantly reduces the risk of unauthorized access, even with leaked credentials.
upvoted 1 times
8eff281
1 year, 2 months ago
Selected Answer: B
B is the fastest and cheapest method. My experience with CompTIA is that they tend to treat the cheapest answer as the "best" answer. Not to mention they could implement MFA later but in the immediate they must change the passwords.
upvoted 4 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other