Question 5 - CertNexus ITS-110 Real Exam Questions [Jan 2026 Update]

Q: 5

An IoT developer wants to ensure that their cloud management portal is protected against compromised end-user credentials. Which of the following technologies should the developer implement?

Options

Correct Answer:

Explanation

The question addresses the need to protect a cloud portal from compromised credentials. The most effective control for this threat is Multi-Factor Authentication (MFA). Option C describes a standard MFA implementation, combining two distinct authentication factors: "something you know" (the strong password) and "something you have" (the mobile device that receives the SMS token). If an attacker compromises the password, they would still need physical access to the user's phone to complete the login, thus protecting the account.

Why Incorrect

A. This is multi-step authentication, not multi-factor. Both credentials are passwords, which fall under the same factor type: "something you know."

B. A strong password policy hardens the credential itself but does not protect against its compromise through methods like phishing, keylogging, or credential stuffing.

D. This uses two tokens from a single hardware device, representing only one factor type: "something you have." This does not meet the definition of multi-factor authentication.

References

1. National Institute of Standards and Technology (NIST). (2017). Special Publication 800-63B

Digital Identity Guidelines: Authentication and Lifecycle Management.

Section 5.1

"Authenticator and Verifier Requirements

" states: "Multi-factor authentication (MFA) requires at least two of the three factor types to be used for a successful authentication event." It defines these types as something you know

something you have

and something you are. This supports option C as the only true MFA implementation.

2. Amazon Web Services (AWS). (2023). Security best practices in IAM. AWS Identity and Access Management Documentation.

In the section "Require multi-factor authentication (MFA)

" the documentation states: "For extra security

we recommend that you require MFA for all IAM users... With MFA

users have a user name and password (the first factor—what they know)

and an authentication code from their AWS MFA device (the second factor—what they have)." This directly applies to securing a cloud portal.

3. Rivest

R. L. (2014). Lecture 15: Authentication. MIT OpenCourseWare

6.857 Computer and Network Security.

The lecture notes discuss authentication methods

highlighting that passwords ("what you know") can be stolen. It introduces two-factor authentication as a solution combining passwords with a token ("what you have") to mitigate this risk

directly aligning with the logic in option C.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE