A company uses an automated process that grants advanced rights to every newly created account. Testing reveals that these privileged accounts have been modifying critical options far beyond their intended scope. Which action is the best approach to reduce large-scale unauthorized changes?
Implement frequent credential rotation for accounts granted elevated permissions
Activate extra authentication checks for all recently issued accounts
Apply stronger passphrase policies across newly created high-privilege accounts
Schedule role reviews and remove advanced permissions from accounts without valid business needs
Adjusting account roles through scheduled audits addresses the root cause by enforcing the principle of least privilege. Increasing passphrase complexity does not correct high-level rights granted by default. Enabling additional checks during authentication strengthens login protocols but does not limit unneeded privileges. Rotating credentials on a routine basis is useful, though it also fails to remove unnecessary rights.