Isaca CCOA Exam - Topic 5 Question 10 Discussion

Actual exam question for Isaca's CCOA exam
Question #: 10
Topic #: 5

After an organization's financial system was moved to a cloud-hosted solution that allows single sign-on (SSO) for authentication purposes, data was compromised by an individual logged onto the local network using a compromised username and password. What authentication control would have MOST effectively prevented this situation?

Suggested Answer: B

Multi-factor authentication (MFA) would have been the most effective control to prevent data compromise in this scenario:

- Enhanced Security: MFA requires multiple authentication factors, such as a password (something you know) and a one-time code (something you have).
- Mitigates Credential Theft: Even if a username and password are compromised, an attacker would still need the second factor to gain access.
- SSO Integration: MFA can be seamlessly integrated with SSO to ensure robust identity verification.
- Example: A user logs in with a password and then confirms their identity using an authenticator app.

Incorrect Options:

- A. Challenge handshake: An outdated protocol for authentication, not as secure as MFA.
- C. Token-based: Often used as part of MFA but alone does not mitigate password theft.
- D. Single-factor: Only uses one method (e.g., a password), which is insufficient to protect against credential compromise.

Exact Extract from CCOA Official Review Manual, 1st Edition:

Refer to Chapter 4, Section 'Identity and Access Management,' Subsection 'Multi-Factor Authentication' - MFA is essential to prevent unauthorized access when credentials are compromised.


Rana
2 months ago
Wait, they were using just a username and password? That's surprising!
upvoted 0 times
...
Zona
2 months ago
Not sure if that's the only solution.
upvoted 0 times
...
Vincenza
3 months ago
Challenge handshake sounds old school but effective.
upvoted 0 times
...
Malcom
3 months ago
Totally agree, multi-factor is a must these days!
upvoted 0 times
...
Dante
3 months ago
Multi-factor would have definitely helped here.
upvoted 0 times
...
Jonelle
3 months ago
I feel like single-factor authentication wouldn't have helped here, but I'm not completely confident about the other options.
upvoted 0 times
...
Alyce
4 months ago
I practiced a similar question where multi-factor authentication was highlighted as a key control, so I'm leaning towards option B again.
upvoted 0 times
...
Mica
4 months ago
I'm not entirely sure, but I think challenge handshake protocols are more about securing the connection rather than preventing unauthorized access.
upvoted 0 times
...
Jospeh
4 months ago
I remember studying that multi-factor authentication is really effective against compromised credentials, so I think option B might be the right choice.
upvoted 0 times
...
Giuseppe
4 months ago
Ah, I see what the question is getting at now. With the cloud-hosted system and SSO, multi-factor authentication would have been the best way to add an extra layer of security and prevent the compromise, even if the credentials were stolen. I feel confident about this one.
upvoted 0 times
...
Ashton
4 months ago
Okay, I've got this. The key here is that the data was compromised even though the user was logged in using single sign-on. So the most effective control would be something beyond just username and password, like a token-based or biometric authentication method.
upvoted 0 times
...
Lynda
5 months ago
Hmm, I'm a bit unsure about this one. I know multi-factor is a common security control, but I'm not sure if that's the most effective option here. Let me think this through a bit more.
upvoted 0 times
...
Tawna
5 months ago
This seems like a straightforward question about authentication controls. I think the answer is multi-factor authentication, since that would have prevented the compromise even with the stolen credentials.
upvoted 0 times
...
Wilda
5 months ago
I'm not sure, but I think token-based authentication could also have been effective in this situation.
upvoted 0 times
...
Jennifer
5 months ago
I agree with Cecilia, multi-factor authentication would have prevented this breach.
upvoted 0 times
...
Lorrine
5 months ago
Definitely multi-factor authentication. How else can you ensure that only authorized users can access the system?
upvoted 0 times
Niesha
2 months ago
Agreed! Multi-factor would have stopped that breach.
upvoted 0 times
...
Cory
2 months ago
Single-factor just isn't enough anymore.
upvoted 0 times
...
Laura
2 months ago
Absolutely, it adds that extra layer of security.
upvoted 0 times
...
Latanya
2 months ago
Multi-factor is the way to go!
upvoted 0 times
...
...
Cecilia
6 months ago
I think the answer is B) Multi-factor.
upvoted 0 times
...
