CompTIA Security+ (SY0-601) — Question 701
A company suspects that some corporate accounts were compromised. The number of suspicious logins from locations not recognized by the users is increasing.
Employees who travel need their accounts protected without the risk of blocking legitimate login requests that may be made over new sign-in properties. Which of the following security controls can be implemented?
Answer options
- A. Enforce MFA when an account request reaches a risk threshold.
- B. Implement geofencing to only allow access from headquarters.
- C. Enforce time-based login requests that align with business hours.
- D. Shift the access control scheme to a discretionary access control.
Correct answer: A
Explanation
The correct answer is A because enforcing MFA only when a login request reaches a risk threshold adds an extra layer of security to suspicious sign-ins without blocking legitimate users, such as traveling employees signing in from new locations. Option B is too restrictive, as it would block all remote access. Option C could limit access for legitimate users who work outside standard hours, while option D changes how access permissions are assigned and does not address the suspicious logins in this scenario.