A new audit reveals that certain groups in an identity repository inherited privileges across multiple domains that surpass their required roles. Which measure best resolves the underlying cause?
Adjust the nested group membership to match job requirements
Implement an intrusion detection system for the domain controllers
Change the domain’s functional level to the latest version
Remove membership from high-level groups while leaving others intact
Modifying the nested group membership structure addresses the underlying problem by limiting permissions to what is required, preserving least privilege. Removing membership from high-level groups alone might leave some incorrect inheritance paths unaddressed. Changing the domain’s functional level is about upgrading features, not fixing unauthorized privileges. Intrusion detection focuses on suspicious traffic, but it does not correct existing group assignments.