CISSP · Question #591
An employee receives a promotion that entities them to access higher-level functions on the company's accounting system, as well as keeping their access to the previous system that is no longer needed
The correct answer is C. Access certification. When an employee accumulates excessive privileges over time due to role changes, the process of access certification (also called access review or recertification) is used to identify and remove unnecessary access rights.
Question
An employee receives a promotion that entities them to access higher-level functions on the company's accounting system, as well as keeping their access to the previous system that is no longer needed or applicable. What is the name of the process that tries to remove this excess privilege?
Options
- AAccess provisioning
- BSegregation of Duties (SoD)
- CAccess certification
- DAccess aggregation
How the community answered
(47 responses)- A2% (1)
- B4% (2)
- C91% (43)
- D2% (1)
Why each option
When an employee accumulates excessive privileges over time due to role changes, the process of access certification (also called access review or recertification) is used to identify and remove unnecessary access rights.
Access provisioning refers to the process of granting access rights to users when needed, not the process of reviewing and removing excess or outdated privileges.
Segregation of Duties (SoD) is a control principle that ensures no single individual has conflicting or overly powerful combinations of access that could enable fraud, but it does not describe the review process for removing accumulated excess privileges.
Access certification is the periodic review process that validates whether users' current access rights are still appropriate and necessary for their job function. In this scenario, the employee retained legacy access after a promotion, and access certification would flag and revoke that no-longer-needed privilege. This process directly addresses 'privilege creep,' where accumulated entitlements exceed what is required for a user's current role.
Access aggregation (also related to privilege aggregation or 'privilege creep') describes the problem of accumulating excess access over time, but it is not the name of the remediation process used to remove those excess privileges.
Concept tested: Access certification and privilege creep remediation
Source: https://learn.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
Topics
Community Discussion
No community discussion yet for this question.