CompTIA CASP+ (CAS-003) — Question 186
A systems analyst is concerned that the current authentication system may not provide the appropriate level of security. The company has integrated WAYF within its federation system and implemented a mandatory two-step authentication system. Some accounts are still becoming compromised via phishing attacks that redirect users to a fake portal, which is automatically collecting and replaying the stolen credentials. Which of the following is a technical solution that would BEST reduce the risk of similar compromises?
Answer options
- A. Security awareness training
- B. Push-based authentication
- C. Software-based TOTP
- D. OAuth tokens
- E. Shibboleth
Correct answer: C
Explanation
The correct answer is C, Software-based TOTP: it generates time-based one-time passwords that are unique and expire quickly, which makes it difficult for attackers to use stolen credentials. Options A, B, D, and E do not provide the same immediate, dynamic protection that directly counters the risks associated with phishing attacks.