An organization is looking to enhance its security posture by improving the management of credentials for privileged accounts, such as domain administrators and root users. Which of the following approaches provides the most comprehensive security controls for this specific use case?
Mandating the use of long, complex passwords for all privileged accounts, with a policy requiring rotation every 90 days.
Enforcing multi-factor authentication (MFA) for all administrative account logons through a federated identity provider.
Implementing a Privileged Access Management (PAM) solution that includes credential vaulting, session monitoring, and automated password rotation.
Storing all privileged credentials in a dedicated enterprise password vault shared among authorized administrators.
A Privileged Access Management (PAM) solution provides the most comprehensive set of security controls for managing high-risk privileged accounts. PAM solutions go beyond simple credential storage by offering a suite of features including secure vaulting, automated password rotation to limit the lifespan of a credential, and session monitoring or recording to audit all privileged activities. While an enterprise password vault offers secure storage, it typically lacks the advanced monitoring and automated lifecycle management features of a full PAM system. Enforcing MFA is a critical control for authenticating administrators but does not manage the credential's lifecycle or monitor its use during a session. A strong password policy is a fundamental baseline but does not provide the active management, monitoring, and automated controls necessary to adequately protect privileged access.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is credential encryption?
Open an interactive chat with Bash
What are the risks of sharing accounts among team members?
Open an interactive chat with Bash
Why is maintaining a written log of passwords considered a bad practice?
Open an interactive chat with Bash
ISC2 CISSP
Identity and Access Management (IAM)
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access