SY0-301 · Question #809
Which of the following security account management techniques should a security analyst implement to prevent staff, who has switched company roles, from exceeding privileges?
The correct answer is A. Internal account audits. Internal account audits identify privilege accumulation (privilege creep) when employees change roles, ensuring that old permissions are removed and only current role-appropriate access is retained.
Question
Which of the following security account management techniques should a security analyst implement to prevent staff, who has switched company roles, from exceeding privileges?
Options
- AInternal account audits
- BAccount disablement
- CTime of day restriction
- DPassword complexity
How the community answered
(33 responses)- A91% (30)
- B6% (2)
- C3% (1)
Why each option
Internal account audits identify privilege accumulation (privilege creep) when employees change roles, ensuring that old permissions are removed and only current role-appropriate access is retained.
When a user changes roles, their old permissions are often not revoked, resulting in privilege creep - the accumulation of rights beyond what the current role requires. Internal account audits systematically review all user accounts and their assigned permissions against current job roles, allowing administrators to identify and remove excessive privileges. This is the most targeted technique to address the specific problem of users exceeding their intended access after a role change.
Account disablement removes all access entirely and would be used for terminated employees, not for employees who have changed roles and still need some access.
Time of day restrictions limit when users can log in but do not affect what resources or privileges they can access.
Password complexity policies govern password strength and have no effect on the scope or level of privileges assigned to an account.
Concept tested: Privilege creep prevention through account auditing
Source: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/auditing-policy-recommendations
Topics
Community Discussion
No community discussion yet for this question.