CompTIA CySA+ (CS0-002) — Question 195
A web-based front end for a business intelligence application uses pass-through authentication to authenticate users. The application then uses a service account to perform queries and look up data in a database. A security analyst discovers employees are accessing data sets they have not been authorized to use. Which of the following will fix the cause of the issue?
Answer options
- A. Change the security model to force the users to access the database as themselves.
- B. Parameterize queries to prevent unauthorized SQL queries against the database.
- C. Configure database security logging using syslog or a SIEM.
- D. Enforce unique session IDs so users do not get a reused session ID.
Correct answer: A
Explanation
Changing the security model to require users to access the database as themselves ensures that each user's permissions are enforced, preventing unauthorized access. Because the application runs every query through a single service account, the database evaluates the service account's permissions rather than the individual user's. The other options do not directly address the core issue of users accessing data without proper authorization. Parameterizing queries, logging, and enforcing unique session IDs help improve security but do not resolve the underlying authentication problem.