A cloud operations team wants to strengthen its privileged access controls for production servers hosted across multiple providers. The team proposes creating short-lived administrator accounts that appear only when a maintenance workflow begins and are automatically removed when the task completes.
Which of the following is the PRIMARY security benefit of using these short-term privileged accounts?
They disable audit logging temporarily to prevent log tampering during maintenance.
They allow administrators to bypass standard change-management approvals for urgent fixes.
They eliminate the requirement for multifactor authentication during administrator logins.
They reduce the window of opportunity for attackers by limiting standing privileges.
Short-term or just-in-time (JIT) privileged accounts eliminate standing privileges. Because elevated rights exist only for the exact time they are needed, attackers have a much smaller window in which to exploit them. The approach also supports least-privilege enforcement, improves auditability, and reduces lateral-movement opportunities. Permanent elimination of MFA, change-management bypass, or disabling logs would all weaken security rather than enhance it.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are standing privileges, and why are they a security risk?
Open an interactive chat with Bash
What is Just-In-Time (JIT) access, and how does it enforce least privilege?
Open an interactive chat with Bash
How does JIT privileged access improve auditability and prevent lateral movement?