CompTIA Security+ (SY0-501) — Question 44
An organization uses SSO authentication for employee access to network resources. When an employee resigns, as per the organization's security policy, the employee's access to all network resources is terminated immediately. Two weeks later, the former employee sends an email to the help desk for a password reset to access payroll information from the human resources server. Which of the following represents the BEST course of action?
Answer options
- A. Approve the former employee's request, as a password reset would give the former employee access to only the human resources server.
- B. Deny the former employee's request, since the password reset request came from an external email address.
- C. Deny the former employee's request, as a password reset would give the employee access to all network resources.
- D. Approve the former employee's request, as there would not be a security issue with the former employee gaining access to network resources.
Correct answer: C
Explanation
The correct answer is C. With SSO, a single set of credentials authenticates the user to every connected resource, so a password reset would restore the former employee's access to all network resources, not just the human resources server. Options A and D incorrectly assume limited access or no security risk, while option B focuses on the email source rather than the access implications.