CCCS-203B · Question #11
CCCS-203B Question #11: Real Exam Question with Answer & Explanation
The correct answer is A. A developer account with write access to a production database but no recent access activity for. Option A: CIEM solutions identify accounts with excessive or unused privileges, such as a developer account with elevated access that hasn't been used in a significant period. Such privileges pose a risk of being exploited and should be reviewed or revoked if not necessary. Optio
Question
Options
- AA developer account with write access to a production database but no recent access activity for
- BAn account with a revoked role assignment due to a policy change.
- CAn administrator account used daily to manage identity policies.
- DA monitoring service account with read-only access to application logs.
Explanation
Option A: CIEM solutions identify accounts with excessive or unused privileges, such as a developer account with elevated access that hasn't been used in a significant period. Such privileges pose a risk of being exploited and should be reviewed or revoked if not necessary. Option B: A revoked role assignment indicates proactive access management. CIEM would not flag this as unnecessary access, as the issue has already been addressed. Option C: Regular use of administrator accounts for their designated purpose would not typically indicate unnecessary access privileges. However, best practices encourage limiting the scope of administrator roles when possible. Option D: This account demonstrates the principle of least privilege. The service account has minimal necessary permissions, and its activity aligns with its purpose, so it would not be flagged
Community Discussion
No community discussion yet for this question.