CompTIA

CAS-001 Question #4: Real Exam Question with Answer & Explanation

The correct answer is C: Review the termination policy with the company managers to ensure prompt reporting of employee

Question

A security audit has uncovered a lack of security controls with respect to employees' network account management. Specifically, the audit reveals that employees' network accounts are not disabled in a timely manner once an employee departs the organization. The company policy states that the network account of an employee should be disabled within eight hours of termination. However, the audit shows that 5% of the accounts were not terminated until three days after a dismissed employee departs. Furthermore, 2% of the accounts are still active. Which of the following is the BEST course of action that the security officer can take to avoid repeat audit findings?

Options

  • A. Review the HR termination process and ask the software developers to review the identity management
  • B. Enforce the company policy by conducting monthly account reviews of inactive accounts.
  • C. Review the termination policy with the company managers to ensure prompt reporting of employee
  • D. Update the company policy to account for delays and unforeseen situations in account deactivation.

Explanation

The root cause of late account deactivations is that managers are not promptly notifying HR or IT when an employee is terminated. Reviewing the termination policy with company managers to ensure prompt reporting (C) directly addresses this process gap. Conducting monthly reviews of inactive accounts (B) is a detective control that catches problems after they occur but does not prevent the delay. Asking developers to review identity management (A) misplaces responsibility: the issue is a process and communication failure, not a software defect. Updating the policy to allow longer deactivation windows (D) would weaken the company's security posture and formalize non-compliance. The most effective corrective action is ensuring managers understand and follow their reporting obligations.
