SOL-C01 · Question #37
SOL-C01 Question #37: Real Exam Question with Answer & Explanation
The correct answer is A: Create a new custom role (e.g., 'ADMIN ROLE) and grant it the 'ACCOUNTADMIN' role. Then. Option A: Creating a subordinate role and granting it the 'ACCOUNTADMIN' role is the correct approach. This allows you to control access to through a more manageable role. Option D is how the grant should be implemented. Option B is incorrect because the complete set of 'ACCOUNTA
Question
A security auditor has identified that several users have been granted the role directly. Your company's security policy mandates that 'ACCOUNTADMIN' should only be used in emergency scenarios and access should be granted temporarily through a subordinate role. Which of the following steps should you take to remediate this situation while minimizing disruption to existing user workflows? (Choose two)
Options
- ACreate a new custom role (e.g., 'ADMIN ROLE) and grant it the 'ACCOUNTADMIN' role. Then
- BCreate a new custom role (e.g., 'ADMIN ROLE) and grant it all the privileges currently held by the
- CRevoke the 'ACCOUNTADMIN' role from all users and inform them that they should not be using
- DCreate a new custom role (e.g., 'ADMIN_ROLE) and grant ` ACCOUNTADMIN' to this role. Then
- ECreate a new custom role (e.g., 'ADMIN ROLE') and grant it 'OWNERSHIP on the account. Grant
Explanation
Option A: Creating a subordinate role and granting it the 'ACCOUNTADMIN' role is the correct approach. This allows you to control access to through a more manageable role. Option D is how the grant should be implemented. Option B is incorrect because the complete set of 'ACCOUNTADMIN' privileges is complex and subject to change; using GRANT ROLE ensures the custom role always inherits the full 'ACCOUNTADMIN' permissions. Option C would disrupt users' workflows significantly. Option E OWNERSHIP on Account is not the intended role
Topics
Community Discussion
No community discussion yet for this question.