CompTIA CySA+ (CS0-002) — Question 264

Due to continued support of legacy applications, an organization's enterprise password complexity rules are inadequate for its required security posture. Which of the following is the BEST compensating control to help reduce authentication compromises?

Answer options

• A. Smart cards
• B. Multifactor authentication
• C. Biometrics
• D. Increased password-rotation frequency

Correct answer: B

Explanation

Multifactor authentication (MFA) is the best compensating control because it adds an additional layer of security beyond just passwords, making it significantly harder for unauthorized users to gain access. While smart cards, biometrics, and increased password-rotation frequency can enhance security, they do not provide the same level of protection against authentication compromises as MFA, which requires multiple forms of verification.