ISC2 Exam CISSP Topic 2 Question 85 Discussion

Actual exam question for ISC2's Certified Information Systems Security Professional exam

Question #: 85
Topic #: 2

[All Certified Information Systems Security Professional Questions]

An information security professional is reviewing user access controls on a customer-facing application. The application must have multi-factor authentication (MFA) in place. The application currently requires a username and password to login. Which of the following options would BEST implement MFA?

AGeolocate the user and compare to previous logins

BRequire a pre-selected number as part of the login

CHave the user answer a secret question that is known to them

DEnter an automatically generated number from a hardware token

Show Suggested Answer

Suggested Answer: C

by Vincent at Apr 12, 2024, 12:30 AM

Limited Time Offer

25%

Off

Get Premium CISSP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Belen

7 days ago

Yeah, the hardware token is a solid choice. It provides an extra layer of security without being overly complex for the user.

upvoted 0 times

...

Estrella

9 days ago

I'm leaning more towards the hardware token option. It's a tried-and-true method for generating one-time passwords.

upvoted 0 times

...

Dalene

10 days ago

Exactly, Rochell. That option just doesn't seem robust enough for real-world security needs.

upvoted 0 times

...

Rochell

11 days ago

Geolocating the user might be convenient, but it's not very secure. Anyone with your login could potentially access the system from the same location.

upvoted 0 times

...

Shaunna

13 days ago

I agree, Leota. The key is finding the right balance between security and convenience for the end-user.

upvoted 0 times

...

Leota

15 days ago

Hmm, this seems like a tricky question. MFA is crucial for secure access, but the options presented don't seem equal in terms of effectiveness and user experience.

upvoted 0 times

...