During the offboarding of an employee, which action MOST effectively reduces the risk of unauthorized access to the organization's information systems?
Wait until the next scheduled quarterly access review to remove the employee's accounts.
Immediately disable the employee's system accounts and collect all badges and keys.
Permit the former employee to keep their physical badge for occasional on-site visits.
Leave network credentials active for 30 days to facilitate knowledge transfer.
Immediately disabling the former employee's logical access (directory and application accounts, VPN and SSO credentials, API keys, SSH keys and hardware tokens) and collecting their physical access devices (badges, keys) closes the window in which the individual, or anyone who later obtains those credentials, could reach company resources. Delaying revocation, leaving badges in circulation, or waiting for a periodic review extends that window and runs counter to NIST SP 800-53 PS-4 (Personnel Termination) and ISO/IEC 27001:2013 Annex A.9.2.6 (Removal or adjustment of access rights; control A.5.18 in the 2022 edition). In practice, disable rather than delete the accounts so audit trails and data are retained, terminate any active sessions (tokens issued before the disable may otherwise remain valid until they expire), and rotate any shared secrets or service-account passwords the employee knew.
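The "attack window" above is measurable: it is the time between the termination and the moment the accounts were actually disabled, and any successful authentication inside it is a finding. The script below is an added example, not part of the original page, that checks constructed HR termination records against a constructed authentication log, computes the window per user, and flags post-termination logins; the one-hour SLA and the record formats are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Termination:
    user: str
    terminated_at: datetime          # HR effective time of termination
    disabled_at: Optional[datetime]  # when IT disabled the account; None = never


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    user: str
    outcome: str   # "success" or "failure"
    source: str    # where the login came from


def ts(s: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp (assumed format for both data sets)."""
    return datetime.fromisoformat(s)


# Constructed sample data, not from any real system. All three leave on Friday
# 2024-03-01 at 17:00 UTC; only alice is offboarded promptly.
TERMINATIONS: List[Termination] = [
    Termination("alice", ts("2024-03-01T17:00:00+00:00"), ts("2024-03-01T17:05:00+00:00")),
    Termination("bob",   ts("2024-03-01T17:00:00+00:00"), ts("2024-03-04T09:00:00+00:00")),
    Termination("carol", ts("2024-03-01T17:00:00+00:00"), None),
]

AUTH_LOG: List[AuthEvent] = [
    AuthEvent(ts("2024-03-01T09:00:00+00:00"), "alice", "success", "10.1.2.3"),
    AuthEvent(ts("2024-03-01T17:02:00+00:00"), "alice", "failure", "vpn"),      # not counted
    AuthEvent(ts("2024-03-02T22:15:00+00:00"), "bob",   "success", "vpn"),      # in bob's window
    AuthEvent(ts("2024-03-06T03:00:00+00:00"), "carol", "success", "vpn"),      # still enabled
    AuthEvent(ts("2024-03-05T10:00:00+00:00"), "dave",  "success", "10.1.2.9"), # not terminated
]

NOW = ts("2024-03-08T12:00:00+00:00")  # assumed report time
MAX_WINDOW = timedelta(hours=1)        # assumed SLA: disable within one hour


def attack_window(t: Termination, now: datetime) -> timedelta:
    """Time during which the terminated user's account stayed usable."""
    end = t.disabled_at if t.disabled_at is not None else now
    return max(end - t.terminated_at, timedelta(0))


def post_termination_logins(terms: List[Termination], log: List[AuthEvent]) -> List[AuthEvent]:
    """Successful authentications by a terminated user at or after termination time.
    A login after disabled_at is still flagged: it would indicate re-enablement or a
    session token that outlived the disable and should be investigated too."""
    by_user = {t.user: t for t in terms}
    hits = []
    for ev in sorted(log, key=lambda e: e.ts):
        t = by_user.get(ev.user)
        if t is None or ev.outcome != "success":
            continue
        if ev.ts >= t.terminated_at:
            hits.append(ev)
    return hits


def offboarding_report(terms: List[Termination], log: List[AuthEvent],
                       now: datetime, max_window: timedelta = MAX_WINDOW) -> Dict[str, dict]:
    """Per-user summary: window length in hours, SLA compliance, and login count."""
    hits = post_termination_logins(terms, log)
    report = {}
    for t in terms:
        w = attack_window(t, now)
        report[t.user] = {
            "window_hours": w.total_seconds() / 3600,
            "sla_met": w <= max_window,
            "post_termination_logins": sum(1 for e in hits if e.user == t.user),
        }
    return report


if __name__ == "__main__":
    for user, r in offboarding_report(TERMINATIONS, AUTH_LOG, NOW).items():
        flag = "OK " if r["sla_met"] and r["post_termination_logins"] == 0 else "BAD"
        print(f"{flag} {user:6s} window={r['window_hours']:7.2f}h "
              f"sla_met={r['sla_met']} logins_after_termination={r['post_termination_logins']}")
```

Run it against an export of your identity provider's sign-in log and the HR feed; any user with `sla_met` false or a non-zero login count is the concrete cost of waiting for a scheduled review. The session caveat applies here as well: a login that appears after `disabled_at` usually means a token issued before the disable was still accepted, so session revocation belongs in the offboarding step, not just account disable.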