I thought D too because the word maintains in the question suggests on-going correction and maintence of your user/system accounts. But now I'm arguing with myself that it should be A and I can't decide! Here's my thinking; I thought identity provisioning was about creating new credentials, assigning group membership etc. A good identity provisioning policy and procedure should ensure user accounts are only given the least amount of privileges required to do the job and thus the organisations maintains the principle of least privilege in there company. This would be a better pick out of the four because it's a more pro-active option rather than D? Should I have stuck with my first answer if D!?
Yep you've convinced me it's D bjpeter! To maintain surely means the on-going maintence, detection and correction of something. Need to nail down terms like 'establish' and 'maintain' so I can fully understand exactly what they are asking. Thanks for the clarification and help!
I did my SSCP about four months ago, then took a break over Christmas and started the EC-Council ECIH in Jan thinking it would help me towards the CISSP. What a mistake that was so stopped doing that and have jst started CISSP study. Ive got my eyes on May as the exam date
Yes that's correct. But just labeling the data without properly securing (storing) it will not protect it. Maybe could have been worded differently. Also, sensitive data doesn't mean its classified, i.e PII is sensitive.
Which Identity and access Management (IAM) process can be used to maintain the principle of least privilege?A. Identity provisioningB. Access recovery.C. multi-factor (MFA)D. User access Review
Here's another one for you:Which of the following is the MOST important step in protecting sensitive information?A - SanitizationB - StorageC - RetentionD - Labeling