(ISC)2


CERTIFIED-IN-CYBERSECURITY Question #289: Real Exam Question with Answer & Explanation

The correct answer is C: Privilege creep.

Security Operations

Question

What access control problem arises if, during an audit, it is found that an IT manager retains access permissions to shared folders from his previous company roles?

Options

  • A. Account review
  • B. Unauthorized access
  • C. Privilege creep
  • D. Excessive provisioning

Explanation

Privilege creep occurs when an individual accumulates access rights beyond what is necessary for their current job responsibilities, often as a result of changing roles within an organization. For example, an IT manager who has moved through several positions may still have permissions from previous roles, allowing them access to folders that are no longer relevant to their current position. This can pose a security risk as it increases the potential for unauthorized access to sensitive information. Excessive provisioning is the initial over-assignment of access rights, which is not the issue identified during the audit. Unauthorized access refers to access by individuals who should not have it at all, rather than the accumulation of excessive legitimate access rights over time. Account review is a control measure to identify and correct access control issues, including privilege creep, rather than being an access control problem itself.

Topics

#Access Control #Privilege Management #Identity and Access Management (IAM) #Security Audit
