Your IT department head wants to implement SSO, but some of the other division heads think it adds too much risk. She asks for your advice. Which statement best helps her address other managers$$ concerns?

Question $43$ Answer

a$.$

They$$re right; by bridging multiple systems together with one common access credential, you risk opening everything to an attacker.

b$.$

Yes and no; single sign$-$on by itself would be risky, but thorough and rigorous access control at the system, application, and data level, tied to job functions or other attributes, should provide one$-$stop login but good protection.

c$.$

Single sign$-$off involves very little risk; you do$,$ however, need to ensure that all apps and services that users could connect to have timeout provisions that result in clean closing of files and task terminations.

d$.$

Since support for single sign$-$on is built into the protocols and operating systems you use, there$$s very little risk involved in implementation or managing its use.