nerdexam
CompTIA

CV0-003 · Question #481

A customer wants to remove a user's access to the SaaS CRM system. Which of the following methods should be executed FIRST?

The correct answer is D. User account disablement. When removing user access, disabling the account first is the safest initial step because it is reversible and immediately prevents access without permanently deleting the account.

Security

Question

A customer wants to remove a user's access to the SaaS CRM system. Which of the following methods should be executed FIRST?

Options

  • AUser account removal
  • BUser account lockout
  • CUser account password change
  • DUser account disablement

How the community answered

(27 responses)
  • A
    4% (1)
  • B
    4% (1)
  • D
    93% (25)

Why each option

When removing user access, disabling the account first is the safest initial step because it is reversible and immediately prevents access without permanently deleting the account.

AUser account removal

Removing the account is typically a final step performed after disablement and any required data retention or offboarding procedures are completed, as it is irreversible.

BUser account lockout

Account lockout is typically a security response to failed authentication attempts, not a standard offboarding procedure, and does not formally revoke access in a managed way.

CUser account password change

Changing the password prevents current session reuse but does not formally disable the account and may not revoke active tokens or sessions in all SaaS systems.

DUser account disablementCorrect

Account disablement immediately revokes the user's ability to authenticate to the CRM system while preserving the account and its associated data, roles, and audit trail. This approach is preferred first because it is reversible - if the removal was requested in error or data needs to be recovered, the account can be re-enabled without data loss, following the principle of least irreversible action.

Concept tested: User account offboarding - disablement before removal

Source: https://learn.microsoft.com/en-us/entra/identity/users/users-restrict-guest-permissions

Topics

#user account management#access control#SaaS#account disablement

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice