nerdexam
(ISC)2

CISSP · Question #124

Which of the following violates identity and access management best practices?

The correct answer is C. Generic accounts. Generic accounts violate IAM best practices because they are shared among multiple users, making it impossible to attribute actions to a specific individual and undermining accountability and auditability.

Submitted by ashley.k· Mar 5, 2026Identity and Access Management

Question

Which of the following violates identity and access management best practices?

Options

  • AUser accounts
  • BSystem accounts
  • CGeneric accounts
  • DPrivileged accounts

How the community answered

(39 responses)
  • A
    8% (3)
  • B
    3% (1)
  • C
    87% (34)
  • D
    3% (1)

Why each option

Generic accounts violate IAM best practices because they are shared among multiple users, making it impossible to attribute actions to a specific individual and undermining accountability and auditability.

AUser accounts

User accounts are a standard, recommended IAM construct that assigns unique credentials to individual users, fully supporting accountability and access control policies.

BSystem accounts

System accounts are legitimate IAM components used by services and applications to perform automated tasks; while they require careful management, their use is an accepted and necessary practice.

CGeneric accountsCorrect

Generic accounts (e.g., 'admin', 'guest', or shared departmental accounts) violate IAM best practices because they lack individual accountability - multiple people can use the same credentials, making audit trails and forensic investigations unreliable. IAM best practices mandate that every user have a unique, identifiable account so that all actions can be traced back to a specific person. This principle of non-repudiation and least-privilege assignment is impossible to enforce with shared generic accounts.

DPrivileged accounts

Privileged accounts, while requiring extra controls such as PAM solutions and just-in-time access, are a recognized and necessary IAM category for administrative tasks and do not inherently violate best practices.

Concept tested: IAM best practices and generic account risks

Source: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score

Topics

#account management#best practices#generic accounts#accountability

Community Discussion

No community discussion yet for this question.

Full CISSP Practice