Which countermeasure helps mitigate the risk of stolen credentials for cloud-based platforms?

The correct choice is multifactor authentication. This countermeasure significantly enhances the security of cloud-based platforms by requiring users to provide two or more verification factors to gain access to their accounts. This means that even if a user's credentials are stolen, an attacker would still need additional forms of authentication, such as a text message code, a biometric scan, or an authentication app code, to successfully log in.

By implementing multifactor authentication, organizations can create an additional layer of security that helps prevent unauthorized access. This method is particularly effective in the context of cloud platforms, where data and applications are often accessible from various locations and devices, making them vulnerable to credential theft.

Other approaches, while valuable in their contexts, do not directly address the risk of stolen credentials in the same effective manner as multifactor authentication does. For example, key management is important for managing encryption keys but does not address the issue of user credential theft. Data sanitization refers to the process of removing sensitive data from storage media and is more related to data privacy than authentication security. Host lockdown focuses on securing individual devices but does not provide a solution for credential management across multiple platforms.