CompTIA Security Plus Mock Test Q246

Users can authenticate to a company’s web applications using their credentials from a popular social media site. Which of the following poses the greatest risk with this integration?

A. Malicious users can exploit local corporate credentials with their social media credentials
B. Changes to passwords on the social media site can be delayed from replicating to the company
C. Data loss from the corporate servers can create legal liabilities with the social media site
D. Password breaches to the social media site affect the company application as well

Correct Answer: D
Section: Compliance and Operational Security

Social networking and having you company’s application authentication ‘linked’ to users’ credential that they use on social media sites exposes your company’s application exponentially more than is necessary. You should strive to practice risk avoidance.

Incorrect Answers:
A: One would assume that only the company’s users would be able to authenticate to the company’s application and you would be able to audit log on attempts.
B: Delays in password when changes are made is not such a sever security risk as a breach in passwords.
C: Data loss on your company servers does not pose as great a security risk as breach of passwords.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 364, 406