Preventing Unauthorized Access Requests for Resigned Employees

C.

The best course of action in this scenario is C. Deny the former employee's request, as a password reset would give the employee access to all network resources.

Explanation:

Single Sign-On (SSO) is a technology that allows users to authenticate once and gain access to multiple systems and applications without needing to re-authenticate each time. This approach simplifies the authentication process, increases security, and reduces administrative overheads. However, it also poses a security risk if the user's account is compromised, as it gives the attacker access to all the network resources the user can access.

In this scenario, the former employee's access to all network resources was terminated immediately after the resignation, as per the organization's security policy. However, the former employee requested a password reset to access payroll information from the human resources server.

Approving the former employee's request (Option A or D) would be a security risk as the former employee could potentially gain access to other network resources beyond payroll information. Moreover, password reset requests should only be accepted from authorized and authenticated channels, and a request from an external email address (Option B) is not a reliable source of authentication.

Therefore, the best course of action is to deny the former employee's request (Option C) to avoid any potential security breach. Additionally, the help desk should report the incident to the security team or the management to investigate any possible security breaches or policy violations.