Which of the following scenarios BEST demonstrates the "fail securely" (fail-safe or fail-closed) design principle when an organization's single sign-on (SSO) authentication service becomes unavailable?
Multi-factor authentication is automatically disabled so users can log in with passwords only.
The system authenticates users indefinitely using the last cached valid credential set.
The system denies all login attempts and generates an alert until the SSO service is restored.
The system grants temporary guest access with limited privileges so employees can keep working.
Denying all login attempts and alerting administrators until the SSO service is restored embodies the fail securely principle. When a critical security control such as authentication fails, the system must default to the most secure state-denying access-rather than falling back to weaker controls, cached credentials, or guest access. This prevents unauthorized entry that could otherwise exploit the failure condition and maintains the confidentiality, integrity, and availability of protected resources.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'fail securely' mean in security design?
Open an interactive chat with Bash
What are the risks of not implementing 'fail securely'?
Open an interactive chat with Bash
How does 'fail securely' relate to other security principles?
Open an interactive chat with Bash
ISC2 CISSP
Security Architecture and Engineering
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access