
CompTIA CAS-005 Exam - Topic 1 Question 19 Discussion

Actual exam question for CompTIA's CAS-005 exam
Question #: 19
Topic #: 1

[Governance, Risk, and Compliance (GRC)]

A security architect is mitigating a vulnerability that previously led to a web application data breach. An analysis into the root cause of the issue finds the following:

An administrator's account was hijacked and used on several Autonomous System Numbers within 30 minutes.

All administrators use named accounts that require multifactor authentication.

Single sign-on is used for all company applications.

Which of the following should the security architect do to mitigate the issue?

Suggested Answer: B

Comprehensive and Detailed

The hijacked administrator account was used across multiple ASNs (indicating different network locations) in a short time, despite MFA and SSO. This suggests a stolen session or token misuse. Let's analyze:

A. Token theft detection with lockouts: Useful for detecting stolen SSO tokens, but it's reactive and may not prevent initial misuse across networks.

B. Context-based authentication: This adds real-time checks (e.g., geolocation, IP changes) to verify login attempts. Given the rapid ASN changes, this proactively mitigates the issue by challenging suspicious logins, aligning with CAS-005's focus on adaptive security.

C. Decentralize accounts: This removes SSO, increasing complexity and weakening MFA enforcement, which isn't practical or secure.
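
An added example, not part of the original explanation or of any exam material: a sketch of the context-based check described under option B, applied to the scenario's signal (one SSO session seen on several ASNs within 30 minutes). The class and function names, the one-ASN-per-window policy and the sample requests are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # time span from the scenario
MAX_ASNS = 1                    # assumed policy: one network per session per window


class ContextPolicy:
    """Hypothetical per-request context check for SSO sessions."""

    def __init__(self, window=WINDOW, max_asns=MAX_ASNS):
        self.window, self.max_asns = window, max_asns
        self.seen = defaultdict(deque)  # session id -> (time, asn) observations
        self.challenged = set()         # sessions that must redo MFA

    def evaluate(self, session_id, when, asn):
        """Return 'allow' or 'step_up' for one authenticated request."""
        if session_id in self.challenged:
            return "step_up"            # stays challenged until MFA succeeds
        history = self.seen[session_id]
        while history and when - history[0][0] > self.window:
            history.popleft()           # forget observations outside the window
        history.append((when, asn))
        if len({a for _, a in history}) > self.max_asns:
            self.challenged.add(session_id)
            return "step_up"
        return "allow"

    def reauthenticated(self, session_id, when, asn):
        """After a successful MFA challenge, trust only the current network."""
        self.challenged.discard(session_id)
        self.seen[session_id] = deque([(when, asn)])


def t(hhmm):
    return datetime.strptime("2026-01-05 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample requests; ASNs are from the documentation range (RFC 5398).
SAMPLE = [
    ("sess-admin", t("09:00"), 64496),
    ("sess-user",  t("09:00"), 64497),
    ("sess-admin", t("09:05"), 64496),
    ("sess-admin", t("09:12"), 64500),  # same token, new network after 12 min
    ("sess-admin", t("09:20"), 64501),
    ("sess-user",  t("10:00"), 64498),  # network change, but 60 min later
]

def replay(events):
    policy = ContextPolicy()
    return [(sid, policy.evaluate(sid, when, asn)) for sid, when, asn in events]
```

The admin session is challenged on its first request from a second ASN and stays challenged on the third, while the other session's network change an hour later passes because the earlier observation has aged out of the window.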


Ettie
2 months ago
Wait, how did the hijacking happen if MFA was in place?
upvoted 0 times
...
Sylvia
2 months ago
D could be overkill, but I like the idea of biometrics!
upvoted 0 times
...
Luisa
2 months ago
I think B is more effective for context-based security.
upvoted 0 times
...
Miles
2 months ago
Sounds like A is the best option to prevent token theft.
upvoted 0 times
...
Pok
3 months ago
Really? Decentralizing accounts seems risky, not sure about C.
upvoted 0 times
...
Kathrine
3 months ago
I was leaning towards D, enforcing biometric authentication, because it seems like a strong way to secure admin accounts. But I wonder if it could be too restrictive for some users.
upvoted 0 times
...
Shanice
3 months ago
I'm a bit confused about decentralizing accounts in option C. I know it can help, but wouldn't that complicate management? I feel like there might be better solutions.
upvoted 0 times
...
Shaniqua
4 months ago
I think enabling context-based authentication, like option B, makes sense since it adds an extra layer of security based on location. We practiced a similar question about adaptive authentication last week.
upvoted 0 times
...
Chandra
4 months ago
I remember we discussed the importance of token theft detection in our last study group. It seems like A could be a good option, but I'm not entirely sure if it's the best one.
upvoted 0 times
...
Vallie
4 months ago
I think the most straightforward approach here is to go with option A. Configuring the single sign-on system to detect token theft and automatically lock out accounts seems like the most effective way to mitigate the issue.
upvoted 0 times
...
Claudia
4 months ago
I'm a bit confused by the options presented. Decentralizing administrator accounts and forcing unique passwords for each app seems like it could be overly complex. Biometric authentication might be overkill for this scenario.
upvoted 0 times
...
Shawn
4 months ago
Okay, I've got a few ideas here. Implementing token theft detection and automatic account lockouts could be a good start. But I'm also wondering if context-based authentication might be a better solution.
upvoted 0 times
...
Charlie
4 months ago
Hmm, the fact that the administrator's account was hijacked is concerning. I think the key is to focus on strengthening the authentication process to prevent this from happening again.
upvoted 0 times
...
Melda
5 months ago
This seems like a tricky one. I'll need to carefully consider the details provided to determine the best approach.
upvoted 0 times
...
Tu
5 months ago
But with token theft detection, we can prevent unauthorized access.
upvoted 0 times
...
Valentin
5 months ago
I disagree, I believe option B is more effective.
upvoted 0 times
...
Tu
5 months ago
I think option A is the best choice.
upvoted 0 times
...
Samira
5 months ago
Biometric auth for admins? Nah, that's overkill. Context-based auth makes more sense to me - detect suspicious logins and lock 'em down.
upvoted 0 times
Bea
1 month ago
Token theft detection is also a solid choice. Can't hurt to have multiple defenses!
upvoted 0 times
...
Ilene
2 months ago
I agree! It adds an extra layer without being too extreme.
upvoted 0 times
...
Francis
2 months ago
Context-based auth is definitely the way to go.
upvoted 0 times
...
Mozell
3 months ago
Biometric sounds cool, but it could slow things down.
upvoted 0 times
...
...
Anglea
6 months ago
Looks like the SSO system was the weak link here. Option A seems like the best way to catch and stop those hijacked accounts quickly.
upvoted 0 times
Frederica
5 months ago
Option A seems like a good choice to prevent future breaches.
upvoted 0 times
...
...
