nerdexam
(ISC)2

CISSP · Question #546

As users switch roles within an organization, their accounts are given additional permissions to perform the duties of their new position. After a recent audit, it was discovered that many of these ac

The correct answer is D. Trigger-based review and certification. Privilege creep occurs when users accumulate permissions over time beyond what their current role requires. The best prevention is a trigger-based review that automatically initiates access recertification when a role change event occurs.

Submitted by hans_de· Mar 5, 2026Identity and Access Management (IAM)

Question

As users switch roles within an organization, their accounts are given additional permissions to perform the duties of their new position. After a recent audit, it was discovered that many of these accounts maintained their old permissions as well. The obsolete permissions identified by the audit have been remediated and accounts have only the appropriate permissions to complete their jobs. Which of the following is the BEST way to prevent access privilege creep?

Options

  • AImplementing Identity and Access Management (IAM) solution
  • BTime-based review and certification
  • CInternet audit
  • DTrigger-based review and certification

How the community answered

(31 responses)
  • A
    3% (1)
  • B
    16% (5)
  • C
    10% (3)
  • D
    71% (22)

Why each option

Privilege creep occurs when users accumulate permissions over time beyond what their current role requires. The best prevention is a trigger-based review that automatically initiates access recertification when a role change event occurs.

AImplementing Identity and Access Management (IAM) solution

An IAM solution is a platform that manages identities and access, but it does not inherently prevent privilege creep unless configured with specific review and certification workflows; it is a tool, not a process.

BTime-based review and certification

Time-based review and certification reduces privilege creep by auditing permissions on a scheduled interval (e.g., quarterly), but gaps between review periods still allow obsolete permissions to persist, making it less effective than an event-driven approach.

CInternet audit

An 'internet audit' is not a recognized access management practice and has no direct relevance to managing or preventing internal privilege creep within an organization's identity systems.

DTrigger-based review and certificationCorrect

Trigger-based review and certification initiates an access review automatically when a specific event occurs-such as a role change, promotion, or transfer-ensuring that old permissions are evaluated and revoked at the exact moment they become inappropriate. This directly addresses the root cause of privilege creep by tying permission reviews to the lifecycle events that cause accumulation. Unlike periodic reviews, trigger-based reviews act in real time, preventing obsolete permissions from persisting between audit cycles.

Concept tested: Preventing privilege creep with trigger-based access certification

Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

Topics

#privilege creep#access review#user provisioning#IAM lifecycle

Community Discussion

No community discussion yet for this question.

Full CISSP Practice