CISSP · Question #546
As users switch roles within an organization, their accounts are given additional permissions to perform the duties of their new position. After a recent audit, it was discovered that many of these ac
The correct answer is D. Trigger-based review and certification. Privilege creep occurs when users accumulate permissions over time beyond what their current role requires. The best prevention is a trigger-based review that automatically initiates access recertification when a role change event occurs.
Question
Options
- AImplementing Identity and Access Management (IAM) solution
- BTime-based review and certification
- CInternet audit
- DTrigger-based review and certification
How the community answered
(31 responses)- A3% (1)
- B16% (5)
- C10% (3)
- D71% (22)
Why each option
Privilege creep occurs when users accumulate permissions over time beyond what their current role requires. The best prevention is a trigger-based review that automatically initiates access recertification when a role change event occurs.
An IAM solution is a platform that manages identities and access, but it does not inherently prevent privilege creep unless configured with specific review and certification workflows; it is a tool, not a process.
Time-based review and certification reduces privilege creep by auditing permissions on a scheduled interval (e.g., quarterly), but gaps between review periods still allow obsolete permissions to persist, making it less effective than an event-driven approach.
An 'internet audit' is not a recognized access management practice and has no direct relevance to managing or preventing internal privilege creep within an organization's identity systems.
Trigger-based review and certification initiates an access review automatically when a specific event occurs-such as a role change, promotion, or transfer-ensuring that old permissions are evaluated and revoked at the exact moment they become inappropriate. This directly addresses the root cause of privilege creep by tying permission reviews to the lifecycle events that cause accumulation. Unlike periodic reviews, trigger-based reviews act in real time, preventing obsolete permissions from persisting between audit cycles.
Concept tested: Preventing privilege creep with trigger-based access certification
Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
Topics
Community Discussion
No community discussion yet for this question.