Asked by .,.,.,

Question 2 of 10
You are a network security engineer at a large corporation. During a routine security audit, you discover that the company's internal network is vulnerable to replay attacks. The network uses a simple challenge-response authentication protocol.

Which of the following actions should you recommend to mitigate this vulnerability?


- Implement SSL/TLS encryption for all data in transit.
- Switch to a different authentication protocol like OAuth.
- Implement a time-based one-time password (TOTP) system.
- Disable all client-side scripting.


Answered by GPT-5 mini AI
Recommended action: Implement a time-based one-time password (TOTP) system.

Why:
- TOTP produces short-lived, single‑use codes, so an intercepted authentication value cannot be replayed later.
- It directly addresses replayability of authentication proofs; challenge/nonce or timestamp-based schemes and HMAC-based challenges are other equivalent fixes.

Notes on the other options:
- SSL/TLS is still recommended (protects confidentiality and integrity of messages) but by itself does not eliminate all replay scenarios for authentication tokens.
- Switching to OAuth is not a direct fix for replay attacks (it’s an authorization framework and still needs secure token handling and transport).
- Disabling client‑side scripting is irrelevant to replay attacks.