CompTIA PenTest+ (PT0-001) — Question 113

A consultant is performing a social engineering attack against a client. The consultant was able to collect a number of usernames and passwords using a phishing campaign. The consultant is given credentials to log on to various employees email accounts. Given the findings, which of the following should the consultant recommend be implemented?

Answer options

• A. Strong password policy
• B. Password encryption
• C. Email system hardening
• D. Two-factor authentication

Correct answer: D

Explanation

The correct answer is D, as implementing two-factor authentication adds an extra layer of security by requiring not only a password but also a second factor, making unauthorized access much harder. Options A, B, and C, while helpful in strengthening security, do not provide the same level of protection against compromised credentials as two-factor authentication does.