CompTIA Security+ (SY0-601) — Question 500
The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns?
Answer options
- A. SSO would simplify username and password management, making it easier for hackers to guess accounts.
- B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
- C. SSO would reduce the password complexity for frontline staff.
- D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.
Correct answer: D
Explanation
The correct answer is D because if the identity provider that manages SSO goes offline, the systems that rely on it could suffer outages, affecting access to critical resources. Options A, B, and C focus on password management and do not address the CRO's concerns about system resilience and availability.