nerdexam
CompTIA

SY0-301 · Question #809

Which of the following security account management techniques should a security analyst implement to prevent staff, who has switched company roles, from exceeding privileges?

The correct answer is A. Internal account audits. Internal account audits identify privilege accumulation (privilege creep) when employees change roles, ensuring that old permissions are removed and only current role-appropriate access is retained.

Security operations

Question

Which of the following security account management techniques should a security analyst implement to prevent staff, who has switched company roles, from exceeding privileges?

Options

  • AInternal account audits
  • BAccount disablement
  • CTime of day restriction
  • DPassword complexity

How the community answered

(33 responses)
  • A
    91% (30)
  • B
    6% (2)
  • C
    3% (1)

Why each option

Internal account audits identify privilege accumulation (privilege creep) when employees change roles, ensuring that old permissions are removed and only current role-appropriate access is retained.

AInternal account auditsCorrect

When a user changes roles, their old permissions are often not revoked, resulting in privilege creep - the accumulation of rights beyond what the current role requires. Internal account audits systematically review all user accounts and their assigned permissions against current job roles, allowing administrators to identify and remove excessive privileges. This is the most targeted technique to address the specific problem of users exceeding their intended access after a role change.

BAccount disablement

Account disablement removes all access entirely and would be used for terminated employees, not for employees who have changed roles and still need some access.

CTime of day restriction

Time of day restrictions limit when users can log in but do not affect what resources or privileges they can access.

DPassword complexity

Password complexity policies govern password strength and have no effect on the scope or level of privileges assigned to an account.

Concept tested: Privilege creep prevention through account auditing

Source: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/auditing-policy-recommendations

Topics

#least privilege#account auditing#privilege management#role-based access

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice