Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!


To securely enable SSO in a new mobile application, what control must be implemented?

  1. Local storage of the authenticated token on the mobile application must be encrypted

  2. Use of a unique passphrase for every session

  3. Access to the application must require a VPN

  4. Minimum password complexity requirements

The correct answer is: Local storage of the authenticated token on the mobile application must be encrypted

To securely enable Single Sign-On (SSO) in a new mobile application, encrypting the local storage of the authenticated token is crucial. When an application utilizes SSO, it often receives an authentication token after a user successfully logs in. This token is sensitive information that, if compromised, can grant unauthorized access to the user's account.

By encrypting the authenticated token stored locally, the application ensures that even if an unauthorized party gains access to the device or the local storage, they cannot easily read or misuse the token, thus maintaining the integrity and security of the user's authenticated session. This is a fundamental security measure that helps prevent data breaches and unauthorized access, making it an essential control in the context of implementing SSO in mobile applications.

In contrast, other options such as using a unique passphrase for every session or requiring a VPN may improve security in certain ways, but they do not directly address the secure storage of sensitive authentication tokens within the application itself. Minimum password complexity requirements are also important for initial login security but do not directly relate to the challenges posed by storing authentication tokens securely within a mobile application.