CompTIA CAS-005 Exam - Topic 4 Question 25 Discussion

Actual exam question for CompTIA's CAS-005 exam

Question #: 25
Topic #: 4

A security architect is mitigating a vulnerability that previously led to a web application data breach. An analysis into the root cause of the issue finds the following:

An administrator's account was hijacked and used on several Autonomous System Numbers within 30 minutes.

All administrators use named accounts that require multifactor authentication.

Single sign-on is used for all company applications.Which of the following should the security architect do to mitigate the issue?

AConfigure token theft detection on the single sign-on system with automatic account lockouts.

BEnable context-based authentication when network locations change on administrator login attempts.

CDecentralize administrator accounts and force unique passwords for each application.

DEnforce biometric authentication requirements for the administrator's named accounts.

Show Suggested Answer

Suggested Answer: B

The hijacked administrator account was used across multiple ASNs (indicating different network locations) in a short time, despite MFA and SSO. This suggests a stolen session or token misuse. Let's analyze:

A . Token theft detection with lockouts:Useful for detecting stolen SSO tokens, but it's reactive and may not prevent initial misuse across networks.

B . Context-based authentication:This adds real-time checks (e.g., geolocation, IP changes) to verify login attempts. Given the rapid ASN changes, this proactively mitigates the issue by challenging suspicious logins, aligning with CAS-005's focus on adaptive security.

C . Decentralize accounts:This removes SSO, increasing complexity and weakening MFA enforcement, which isn't practical or secure.

by Mable at Apr 05, 2026, 03:57 AM

Limited Time Offer

25%

2 months ago

I remember we discussed how token theft detection could help, but I'm not sure if it would be enough on its own.

upvoted 0 times

...