
SY0-501 · Question #40

SY0-501 Question #40: Real Exam Question with Answer & Explanation

The correct answer is C: Develop and implement updated access control policies. After a merger, securing systems against former employees requires proactive identity and access management measures that directly address unauthorized access risks from terminated users.

Submitted by suresh_in · Mar 4, 2026

Question

After a merger between two companies, a security analyst has been asked to ensure that the organization's systems are secured against infiltration by any former employees who were terminated during the transition. Which of the following actions are MOST appropriate to harden applications against infiltration by former employees? (Select TWO)

Options

  • A. Monitor VPN client access
  • B. Reduce failed login out settings
  • C. Develop and implement updated access control policies
  • D. Review and address invalid login attempts
  • E. Increase password complexity requirements
  • F. Assess and eliminate inactive accounts

Explanation

After a merger, securing systems against former employees requires proactive identity and access management measures that directly address unauthorized access risks from terminated users.

Common mistakes.

  • A. Monitoring VPN client access is a detective control that identifies suspicious activity after it occurs, but does not proactively prevent former employees from attempting to use existing credentials.
  • B. Reducing failed login lockout settings would make the environment less secure by allowing more failed attempts before lockout, which is counterproductive to hardening against unauthorized access.
  • D. Reviewing invalid login attempts is a reactive monitoring measure that detects intrusion attempts after the fact rather than proactively hardening applications against former employee infiltration.
  • E. Increasing password complexity requirements improves general password security but does not address the specific threat of former employees who may already know or have stored their valid credentials.

Concept tested. Access control hardening and inactive account management post-merger

Reference. https://learn.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
