Exam SY0-601
Question 648

The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns?

    Correct Answer: D

    The Chief Risk Officer's (CRO) concerns center around key issues of system resilience and availability when implementing Single Sign-On (SSO). The introduction of SSO means that if the identity provider goes offline, access to critical systems is severely impacted, especially in a hospital setting where uninterrupted access to patient data is vital. Additionally, without proper training and guidance, frontline staff may not be adequately prepared to handle such downtime situations, exacerbating the risk. Thus, the primary issue is the potential reduction in system resilience and availability without a completed risk analysis and sufficient staff training.

Discussion
Lost_Memo (Option: A)

Single sign-on (SSO) is an identification method that enables users to log in to multiple applications and websites with one set of credentials. So both B and C are out of the question, because C does not make sense in this context (having one password has nothing to do with how complex it is) and B feels empathetic to the efforts of staff remembering the complex password. Then we have A, which indicates that having only one password makes it easier for an attacker to "guess" it; if the wording were "compromised", that would make more sense. Lastly, D fits well with "a risk analysis has not been performed", but then there is the "training and guidance have not been provided to frontline staff". So I will go with A.

zits88 (Option: D)

Strangely worded answers, but D is the only one that is not completely incorrect, so let's go with that.

DaEdge (Option: D)

I work in IT at a hospital, and we have designated shared clinical devices utilizing SSO with the clinician's badge and an RFID reader. In a network downtime, the biggest concern is the availability of the SSO, because there would be no way for the identity provider to communicate with the SSO server. In our case, we have designated downtime machines that are always ready to go with a generic service account and a specific downtime application that routinely downloads reports for use by the staff. The staff is trained to use the downtime or "business continuity" workstations in a downtime. The answer that makes sense is D.

johnabayot (Option: D)

D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.

[Removed]

If the identity provider goes offline... there is the risk that they will not have access.

DChilds (Option: D)

Going through a process of elimination: A - SSO does not make user passwords easier to guess. B - SSO will reduce password fatigue, but it doesn't require a change to the password complexity policy for it to be implemented. C - Same logic as for eliminating option B: SSO does not require a change in password complexity policies. D - This is the most logical. The CSO is concerned that frontline staff have not been given training, as they will need to be extra vigilant and watch out for suspicious activity or phishing attempts, which would make the job of hackers a little easier; and second, a risk analysis needs to be done on what happens should the identity provider go offline (either for technical reasons or a compromise of the provider's environment). This could inform a decision to have a redundant identity provider. I choose D.

david124

"it easier for hackers to guess accounts" not passwords

agfencer (Option: A)

The CSO is concerned with the staff's lack of training and no risk assessment being performed. Those are his main concerns, so why would the SSO provider going offline (making the system unavailable) be the right answer? It's A. SSO is a single point of failure: an employee fumbles that login and a bad actor can get in with unknown limits to risk. A is the answer, people.

[Removed] (Option: D)

Even though A seems correct, the question is asking why the CRO is concerned. The CRO's reason for not wanting SSO is because he "is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed." When I see RISK ANALYSIS and TRAINING, I think of a disaster or incident happening and the employees not knowing what to do about it, and the only answer that's close to an incident happening is D: SSO would reduce the resilience and availability of systems if the identity provider goes offline.

[Removed]

I rest my case.

david124

Dude, it's a hospital; they're not really expected to know what to do lol. The IT department must know, not the nurses and doctors.

Marleigh (Option: D)

Honestly, I was really confused at first reading this question. But after reading the discussion, I think it is D. The sentence that threw me off the most was "The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff", which made me think this would be a user issue, so I was leaning towards a password issue. But after reading what DaEdge said, it isn't really an issue of passwords per se, but an issue of availability. So I think it is D.

_deleteme_ (Option: D)

D is correct. Key word: "hospital". These folks are moving around a lot, especially nurses, and they share devices when they rotate. If a user does not sign off, it creates problems for the next user who is trying to sign on. If they are not trained, it's chaos for them and IT.

zecomeia_007 (Option: D)

It is correct.

ganymede (Option: A)

A. SSO would simplify username and password management, making it easier for hackers to guess accounts. I did some research on what the top risks are for SSO. Based on what I am seeing from a number of sources, A is the best answer. These are the biggest risks of SSO: users creating weak passwords; and if an attacker gets the password, they have access to many systems.

addcomptia (Option: D)

D is correct.

rline63 (Option: D)

I'm not really sure what the answer is here but I'm also not sure why D is correct. The question mentions that they are worried that training hasn't been provided to frontline staff. I have no idea what that has to do with the identity provider going offline.

Geronemo (Option: D)

Option D seems to align most closely with these concerns: If SSO is implemented without proper planning and consideration of potential failures, such as the identity provider going offline, it could lead to significant disruptions in accessing critical systems and patient data. Without a risk analysis, the hospital might not fully understand the impact of such potential disruptions or have strategies in place to mitigate them. Therefore, the most likely cause of the CRO's concerns is that the implementation of SSO could reduce the resilience and availability of systems in the event of an issue with the identity provider.

russian (Option: D)

Makes more sense.

vitasaia (Option: A)

Between A and D: "concerned that training and guidance have not been provided to frontline staff" => A

memodrums

Agree. D would be an IT risk problem.

ComPCertOn (Option: A)

A would be a good fit too.