CompTIA Security+ SY0-601 – Question 325

A security engineer is reviewing the logs from a SAML application that is configured to use MFA. During this review, the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPN, has a policy that allows time-based tokens to be generated. Users who change locations should be required to reauthenticate but have been able to log in without doing so. Which of the following statements BEST explains the issue?


A. OpenID is mandatory to make the MFA requirements work.
B. An incorrect browser has been detected by the SAML application.
C. The access device has a trusted certificate installed that is overwriting the session token.
D. The user's IP address is changing between logins, but the application is not invalidating the token.

Correct Answer: D