CISA Certified Information Systems Auditor – Question 1572

Two-factor authentication can be circumvented through which of the following attacks?

A. Denial-of-service
B. Man-in-the-middle
C. Key logging
D. Brute force

Correct Answer: B

Explanation:

A man-in-the-middle attack is similar to piggybacking in that the attacker pretends to be the legitimate destination and then merely retransmits whatever is sent by the authorized user, along with additional transactions, after authentication has been accepted. A denial-of-service attack does not have a relationship to authentication. Key logging and brute force could circumvent a normal authentication but not a two-factor authentication.