🔥 3-day streak
ISC2 CCSP — Certified Cloud Security Professional78 / 124
Question 78 of 124

A development team is integrating a new cloud-hosted analytics application with the company's identity provider. Developers implemented OAuth 2.0 access tokens and use the presence of a valid access token to log the user in and populate their profile page. During a security review, the assessor flags this as an authentication design flaw. What is the MOST accurate reason the current approach is insecure, and what should the team adopt?

Reviewed for accuracy · Report an issueNext question