SY0-501 Question #227: Real Exam Question with Answer & Explanation
The correct answer is A: Implement separation of duties for the payroll department. To prevent future audit findings regarding inappropriate access to confidential data following role changes, implementing separation of duties is the most effective preventative measure.
Question
An audit takes place after company-wide restructuring, in which several employees changed roles. The following deficiencies are found during the audit regarding access to confidential data: Which of the following would be the BEST method to prevent similar audit findings in the future?
Options
- A. Implement separation of duties for the payroll department.
- B. Implement a DLP solution on the payroll and human resources servers.
- C. Implement rule-based access controls on the human resources server.
- D. Implement regular permission auditing and reviews.
Explanation
To prevent future audit findings regarding inappropriate access to confidential data following role changes, implementing separation of duties is the most effective preventative measure.
Common mistakes.
- B. A DLP solution primarily prevents sensitive data from leaving the organization's control, rather than directly preventing inappropriate internal access due to flawed access controls after role changes.
- C. While rule-based access controls are a good general approach to managing access, simply implementing them does not inherently prevent deficiencies if the underlying rules are not structured according to principles like separation of duties to limit excessive privileges.
- D. Regular permission auditing and reviews are crucial for identifying existing deficiencies but do not inherently prevent them from occurring in the first place, which is the goal specified in the question.
Concept tested. Security principles: Separation of Duties (SoD)