KT-IAS Credential abuse

Dark web monitoring shows corporate emails in a breach dump. What is the FIRST technical action aligned to credential abuse defense?

Multiple choice — select one answer

Answer choices

  1. a. Block all outbound email for a week, without security or identity team coordination per policy.
  2. b. Publish the dump internally for awareness, without security or identity team coordination per policy.
  3. c. Disable TLS on the mail gateway, without security or identity team coordination per policy.
  4. d. Force password reset and invalidate refresh tokens for affected identities

Architectural breakdown & explanation

Reset and token revocation contain reuse of stolen passwords and session artifacts.

Correct answer(s): d. Force password reset and invalidate refresh tokens for affected identities

Exam domain: Credential abuse (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Identity & Access Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.