During a hectic incident, a cloud administrator gets a phone call from someone claiming to be vendor support and urgently requesting root-level credentials. The admin unwittingly reveals the password. Which control would most effectively keep the attacker from logging in with that stolen secret?
Set up encryption for data stored on the server
Configure multi-factor authentication for privileged accounts
Deploy an additional firewall layer for inbound traffic
Multi-factor authentication (MFA) adds a second factor such as a one-time code, hardware token, or biometric check alongside the password. Because the attacker lacks that extra element, the stolen password by itself cannot unlock the account. Simply rotating passwords, encrypting stored data, or adding firewall layers offers no barrier once valid credentials have been disclosed at the login prompt.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is multi-factor authentication (MFA) and how does it work?
Open an interactive chat with Bash
How does multi-factor authentication stop attackers if a password is revealed?
Open an interactive chat with Bash
What are some common methods used in multi-factor authentication?