Which of the following is most likely The reason for the issue?

A user reports application access issues to the help desk.

The help desk reviews the logs for the user

Which of the following is most likely The reason for the issue?
A . The user inadvertently tripped the impossible travel security rule in the SSO system.
B . A threat actor has compromised the user’s account and attempted to lop, m
C . The user is not allowed to access the human resources system outside of business hours
D . The user did not attempt to connect from an approved subnet

View Answer

Answer: A

Explanation:

Based on the provided logs, the user has accessed various applications from different geographic locations within a very short timeframe. This pattern is indicative of the "impossible travel" security rule, a common feature in Single Sign-On (SSO) systems designed to detect and prevent fraudulent access attempts.

Analysis of Logs:

At 8:47 p.m., the user accessed a VPN from Toronto.

At 8:48 p.m., the user accessed email from Los Angeles.

At 8:48 p.m., the user accessed the human resources system from Los Angeles.

At 8:49 p.m., the user accessed email again from Los Angeles.

At 8:52 p.m., the user attempted to access the human resources system from Toronto, which was denied.

These rapid changes in location are physically impossible and typically trigger security measures to prevent unauthorized access. The SSO system detected these inconsistencies and likely flagged the activity as suspicious, resulting in access denial.

References:

CompTIA SecurityX Study Guide

NIST Special Publication 800-63B, "Digital Identity Guidelines"

"Impossible Travel Detection," Microsoft Documentation