You are migrating your users to Google Cloud. There are cookie replay attacks with Google web and Google Cloud CLI SDK sessions on endpoint devices. You need to reduce the risk of these threats.
What should you do? (Choose two.)
A.
Configure Google session control to a shorter duration.
B.
Set an organizational policy for OAuth 2.0 access token with a shorter duration.
C.
Set a reauthentication policy for Google Cloud services to a shorter duration.
D.
Configure a third-party identity provider with session management.
E.
Enforce Security Key Authentication with 2SV.
Correct answers are A & E.
A. Configuring Google session control to a shorter duration reduces the time window in which an attacker can use a replayed cookie to gain unauthorized access, thereby enhancing security.
E. Enforcing Security Key Authentication with 2-Step Verification (2SV) adds an additional layer of security by requiring users to verify their identity using a physical security key, making it more difficult for attackers to gain unauthorized access even if they have a replayed cookie.
B and E
Set an organizational policy for OAuth 2.0 access token with a shorter duration is a good approach to reduce the time during which a stolen access token could be exploited. Shortening the access token duration helps mitigate the impact of cookie replay attacks. OAuth 2.0 access tokens are commonly used to authenticate API requests. By reducing their duration, you limit the time frame in which an attacker could potentially abuse a stolen token.
Enforce Security Key Authentication with 2SV adds strong authentication to user sessions. Security keys are hardware-based tokens that provide strong authentication and help prevent unauthorized access, including cookie replay attacks. By requiring Security Key Authentication with 2SV (Two-Step Verification), you enhance the security of user accounts.
B & E.
Limiting the session duration itself doesn't do anything except give a malicious attacker a shorter time to do the 'bad thing'; however, limiting the time that the cookie is actually usable could prevent an attacker from impersonating a user. Additionally, 2SV is nearly always a right answer.
I will go for A and C
A - For Google Web services like Gmail
https://support.google.com/a/answer/9368756?hl=en
C - for Google Cloud Services and SDK
https://support.google.com/a/answer/9368756?hl=en
Enforce Security Key Authentication with 2SV adds strong authentication to user sessions, but it doesn't help if the attacker has already gained access.
To mitigate cookie replay attacks, a web application should:
- Invalidate a session after it exceeds the predefined idle timeout, and after the user logs out.
- Set the lifespan for the session to be as short as possible.
- Encrypt the session data.
- Have a mechanism to detect when a cookie is seen by multiple clients
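The four mitigations in the comment above, implemented as a small server-side session store. This is an added example written for this page, not code from the thread or from Google; the timeout values, the client fingerprint (SHA-256 of client IP and User-Agent), and the constructed replay scenario are assumptions made for the illustration. The cookie carries only a random session ID, so there is no session data in the cookie to protect; if a self-contained (stateful) cookie were required, its payload would need authenticated encryption, which is not shown here.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass, field

# Assumed limits for the example; real values come from your session policy.
IDLE_TIMEOUT = 15 * 60          # seconds without a request before the session dies
ABSOLUTE_LIFETIME = 8 * 3600    # hard cap on session age regardless of activity


class FakeClock:
    """Controllable clock so the timeouts can be exercised without sleeping."""

    def __init__(self, start: float = 1_700_000_000.0):
        self.now = start

    def advance(self, seconds: float) -> None:
        self.now += seconds

    def __call__(self) -> float:
        return self.now


@dataclass
class Session:
    user: str
    created: float
    last_seen: float
    # Fingerprints (hash of client IP + User-Agent) that have presented this cookie.
    seen_fingerprints: set = field(default_factory=set)


class SessionStore:
    """Server-side store: the cookie holds only an unguessable random ID."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions: dict[str, Session] = {}
        self.alerts: list[tuple[str, str, str]] = []  # (sid, user, reason)

    @staticmethod
    def fingerprint(client_ip: str, user_agent: str) -> str:
        # Assumed fingerprint: coarse, but enough to notice a second client.
        return hashlib.sha256(f"{client_ip}|{user_agent}".encode()).hexdigest()

    def login(self, user: str, client_ip: str, user_agent: str) -> str:
        sid = secrets.token_urlsafe(32)  # 256 bits of entropy
        now = self._clock()
        self._sessions[sid] = Session(user, now, now, {self.fingerprint(client_ip, user_agent)})
        return sid

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)  # invalidate on explicit logout

    def validate(self, sid: str, client_ip: str, user_agent: str):
        """Return the user for a live session, or None after revoking it."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s.created > ABSOLUTE_LIFETIME or now - s.last_seen > IDLE_TIMEOUT:
            self.logout(sid)  # lifespan or idle timeout exceeded
            return None
        fp = self.fingerprint(client_ip, user_agent)
        if fp not in s.seen_fingerprints:
            # Same cookie presented by a different client: treat as replay and kill it.
            s.seen_fingerprints.add(fp)
            self.alerts.append((sid, s.user, "cookie presented by a second client"))
            self.logout(sid)
            return None
        s.last_seen = now
        return s.user


def replay_scenario() -> dict:
    """Constructed scenario: legitimate use, then the same cookie from another host."""
    clock = FakeClock()
    store = SessionStore(clock=clock)
    sid = store.login("alice", "10.0.0.5", "Mozilla/5.0")
    first = store.validate(sid, "10.0.0.5", "Mozilla/5.0")
    clock.advance(60)
    replayed = store.validate(sid, "203.0.113.7", "curl/8.4")  # attacker replays the cookie
    after = store.validate(sid, "10.0.0.5", "Mozilla/5.0")      # victim is logged out as well
    return {"first": first, "replayed": replayed, "after": after, "alerts": len(store.alerts)}
```

Revoking the session on a fingerprint mismatch logs the legitimate user out too; that is the intended trade-off, since at that point the server cannot tell which client is the real one. A less disruptive variant would alert and require reauthentication instead of revoking.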
A, C
A. Configure Google session control to a shorter duration. This will make it more difficult for attackers to use stolen cookies to access user accounts, as the cookies will expire more quickly.
C. Set a reauthentication policy for Google Cloud services to a shorter duration. This will also make it more difficult for attackers to use stolen cookies to access user accounts, as they will need to reauthenticate more frequently.
Options A, C, and D are not directly related to mitigating cookie replay attacks or enhancing security against such threats. They address different aspects of session control, reauthentication policy, and identity provider configuration, but they do not directly tackle the issue of cookie replay attacks.
Therefore, the best choices in this scenario are B and E.
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), other.
Commenters (post age at time of capture):
- i_am_robot (Highly Voted, 1 year, 2 months ago)
- ymkk (Highly Voted, 1 year, 3 months ago)
- Mr_MIXER007 (Most Recent, 2 months, 2 weeks ago)
- Sundar_Pichai (3 months ago)
- dija123 (8 months, 2 weeks ago)
- acloudgurrru (9 months, 1 week ago)
- rglearn (1 year, 2 months ago)
- desertlotus1211 (1 year, 2 months ago)
- anshad666 (1 year, 3 months ago)
- akg001 (1 year, 3 months ago)
- Mithung30 (1 year, 3 months ago)
- cyberpunk21 (1 year, 3 months ago)
- ppandher (1 year, 3 months ago)