Exam SY0-601 topic 1 question 224 discussion

I vote impossible travel time. It states it is a worldwide company so you cannot set up a geofencing perimeter. However you could have impossible travel time alerts.

Agree with B here

Impossible travel is a cybersecurity detection method used to identify potential compromise or unauthorized access to user accounts. It detects instances where a user’s account is accessed from two different countries within an unreasonably short timeframe, suggesting that conventional travel between those locations would be impossible.

Is impossible travel time a policy though? I understand that it is impossible travel time, but the question asks for a policy.

I think the main point is that we don't want to forbid/allow logins from a specific place, and that's what A, C and D would accomplish. We're just worried because the same user is attempting login only seconds apart from very distant places. B is the answer.

Impossible travel time detection identifies unusual and impossible user activity between two locations, considering factors such as the time it would take to travel between the locations . By implementing impossible travel time-based policies, the company can detect and potentially block access attempts that are geographically distant and occur within a time frame that is too short for the user to have traveled between the locations

The "Impossible travel time" account policy would be the best option to prevent this type of attack. This policy involves analyzing the time it would take for a user to log in from one location to another and determining if it is possible within a realistic time frame. If the login from different geographic locations occurs within an impossibly short period, the system can flag it as suspicious and take appropriate action, such as triggering an alert, blocking the login attempt, or requesting additional authentication measures from the user. This helps detect and prevent fraudulent login attempts from remote locations that would be physically impossible for a user to reach within a short time frame.

"Impossible travel time/risky login - This is a common attribute today used in cloud environments such as Azure that can identify impossible travel time. This means that if you log in from Japan at 6:00 a.m. UTC and then Halifax at 7:00 a.m. UTC , an impossible travel notification is triggered, as there is no way that you would be able to travel between those two physical locations within that period of time. This is considered a risky login and can be blocked or require multifactor authentication (MFA)." -Security+ Certification Bundle Fourth Edition Exam SY0-601 by Glen Clarke & Dan Lachance

Need to pay attention to the question. Impossible travel time would be the only answer as the company is worldwide.

I would normally have selected Geolocation. However, the question was adamant on mentioned the distance and time between logins. Geolocation, would stop you from logging in outside of a different area entirely. While in this case, it seems that the issue is the amount of time that occurred between logins between places. We have to look at the inner workings of the question itself. Because geolocation would work if it they only wanted users to login while in France. It may not sound like it but "impossible travel time" is actually a policy type thing.

B correct

Is this not Geofencing?

B correct