Basic Concept: A replay attack occurs when an attacker captures a valid authentication token or credential and reuses it to impersonate a legitimate user. Preventing replay attacks requires ensuring that captured credentials cannot be successfully reused after a defined period or after their intended single use. The CompTIA SecAI+ Study Guide covers replay attack prevention under AI system authentication.
Why C is Correct: Expiring session tokens have a limited validity window, typically a few minutes to hours. If an attacker captures a token, they can only use it until it expires. Short expiration times dramatically reduce the window of opportunity for replay attacks. This is the most direct and effective control specifically targeting replay attack prevention, as expired tokens are rejected even if intercepted.
Why A is Wrong: IdP federation enables single sign-on across multiple systems using federated identity providers. While it standardizes authentication, it does not inherently prevent replay attacks on captured tokens unless combined with short token expiration and proper validation.
Why B is Wrong: SSH certificate authentication uses cryptographic certificates for strong authentication. While more secure than password-based SSH, certificates alone do not prevent replay attacks unless they include timestamps, nonces, or other anti-replay mechanisms that invalidate captured credentials.
Why D is Wrong: IAM access keys are long-lived credentials that provide programmatic access to services. They are typically static and do not expire automatically, making them vulnerable to replay attacks if intercepted. They are less suitable for replay attack prevention than expiring session tokens.