Certified in Risk and Information Systems Control (CRISC) — Question 793

Which of the following is the BEST control to mitigate the risk when a critical customer-facing application has been susceptible to recent credential stuffing attacks?

Answer options

• A. Block IP addresses from foreign countries.
• B. Increase monitoring of account usage.
• C. Implement multi-factor authentication.
• D. Increase password complexity requirements.

Correct answer: C

Explanation

Implementing multi-factor authentication (MFA) significantly enhances security by requiring users to provide two or more verification factors to gain access. While blocking foreign IP addresses and increasing monitoring may help, they do not directly address the issue of compromised credentials as effectively as MFA. Increasing password complexity can improve security but does not prevent credential stuffing attacks from occurring.