CompTIA Security+ (SY0-501) — Question 902

The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns?

Answer options

• A. SSO would simplify username and password management, making it easier for hackers to guess accounts.
• B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
• C. SSO would reduce the password complexity for frontline staff.
• D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.

Correct answer: D

Explanation

The correct answer is D because if the identity provider that manages SSO fails, it could lead to system outages, affecting access to patient data. Options A, B, and C misinterpret the implications of SSO; they focus on password management and complexity rather than the critical availability issue posed by dependency on a single identity provider.