CompTIA Security+ (SY0-601) — Question 223

A security engineer is reviewing the logs from a SAML application that is configured to use MFA. During this review, the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPN, has a policy that allows time-based tokens to be generated. Users who change locations should be required to reauthenticate but have been able to log in without doing so. Which of the following statements BEST explains the issue?

Answer options

• A. OpenID is mandatory to make the MFA requirements work.
• B. An incorrect browser has been detected by the SAML application.
• C. The access device has a trusted certificate installed that is overwriting the session token.
• D. The user’s IP address is changing between logins, but the application is not invalidating the token.

Correct answer: D

Explanation

The correct answer is D because the application fails to invalidate the session token when the user's IP address changes, allowing unauthorized access without MFA. Option A is incorrect as OpenID is not necessary for MFA. Option B is irrelevant since browser detection does not directly relate to the MFA issue. Option C is not applicable, as the presence of a trusted certificate does not influence the requirement for reauthentication based on location changes.