An organization has implemented a new approach that denies standard trust. The security team is concerned about employees retaining indefinite elevated authorizations. Which measure best addresses that situation?
Archive credentials to a secure offline location
Leave accounts with broad access for necessary tasks
Use a shared administrative credential for official staff actions
Schedule regular reviews of groups and remove unneeded capabilities
Regularly scheduling reviews and removing unnecessary capabilities ensures that users do not retain higher powers indefinitely. Leaving accounts with broad access introduces risk over time. Using a shared credential does not provide visibility into individual accountability. Simply archiving credentials does not focus on verifying or limiting what individuals can do.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the principle of least privilege in security?
Open an interactive chat with Bash
How do group reviews ensure security in access management?
Open an interactive chat with Bash
Why is shared administrative credential usage discouraged?