KT-IAS Authentication

Your org is rolling out passwordless sign-in for contractors. Which control MOST directly reduces phishing of static passwords?

Multiple choice — select one answer

Answer choices

  1. a. Shared contractor kiosk accounts, without security or identity team coordination per policy.
  2. b. Annual security awareness posters, without security or identity team coordination per policy.
  3. c. Phishing-resistant authenticators (FIDO2 / passkeys) bound to the identity provider
  4. d. Longer password complexity rules only, without security or identity team coordination per policy.

Architectural breakdown & explanation

Passwordless FIDO2 resists credential phishing; complexity alone does not stop real-time proxy attacks.

Correct answer(s): c. Phishing-resistant authenticators (FIDO2 / passkeys) bound to the identity provider

Exam domain: Authentication (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Identity & Access Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.