Exam SY0-601 topic 1 question 766 discussion

Actual exam question from CompTIA's SY0-601
Question #: 766
Topic #: 1

A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security team propose to resolve the findings in the most complete way?

  • A. Creating group policies to enforce password rotation on domain administrator credentials
  • B. Reviewing the domain administrator group, removing all unnecessary administrators, and rotating all passwords
  • C. Integrating the domain administrator's group with an IdP and requiring SSO with MFA for all access
  • D. Securing domain administrator credentials in a PAM vault and controlling access with role-based access control
Suggested Answer: B

Comments

johnabayot
Highly Voted 1 year, 4 months ago
I took the exam today and 90% came from this dump. I scored 800, so study this dump at least twice and you are good to go.
upvoted 23 times
Turbulence
1 year ago
There's 860 questions, quite a bit to do it twice.
upvoted 6 times
...
...
psowrong
Highly Voted 1 year, 5 months ago
Selected Answer: B
It's B, since the question said that "most of the IT staff members have domain administrator credentials and do not change the passwords regularly". It probably means that there has not been an audit to limit the access control, and also passwords need to be changed regularly. So Option B fits perfectly!
upvoted 8 times
...
pmarios
Most Recent 7 months, 3 weeks ago
Selected Answer: D
PAM with RBAC covers all of the question's requirements.
upvoted 1 times
...
korj
7 months, 3 weeks ago
Selected Answer: D
While enforcing password rotation (Option A) or removing unnecessary administrators (Option B) addresses parts of the issue, PAM with RBAC covers both, along with added controls.
upvoted 1 times
...
korj
7 months, 3 weeks ago
Selected Answer: B
It's B because D doesn't directly address the fact that unnecessary admins should be removed.
upvoted 1 times
...
Jooomam
12 months ago
Selected Answer: B
B fits the question
upvoted 1 times
...
spearous
1 year, 1 month ago
Selected Answer: B
It's B. I think the focus is: most of the IT staff members have admin accounts; is this a good practice? No, we change it ---> B. Yes, we keep it ---> D. That's why I chose B.
upvoted 3 times
...
65333d6
1 year, 1 month ago
My immediate thought process was that it's definitely between B & D; however, after a bit I started to believe B may indeed be the most complete answer, before doing some additional research on PAM and finally concluding that D is in fact the best answer. Why? Well, there's no doubt that D does in fact provide the best answer in regard to Admin privilege access, but I wondered if it did anything regarding the need for Password management/rotation. This brought me back to B, but it turns out that a PAM has some impressive capabilities that cover passwords:
- Allows users to access the privileged account w/out knowing the password
- Automatically changes privilege account passwords periodically
With this knowledge, it's definitely D.
upvoted 2 times
...
russian
1 year, 2 months ago
Selected Answer: D
D. Securing domain administrator credentials in a PAM vault and controlling access with role-based access control. Explanation: PAM (Privileged Access Management) solutions provide a centralized platform for securely storing, managing, and rotating privileged credentials, such as domain administrator credentials. By storing domain administrator credentials in a PAM vault, organizations can enforce strong access controls, audit trails, and session monitoring to ensure that only authorized personnel can access these credentials when necessary. Role-based access control (RBAC) allows organizations to assign specific permissions and privileges based on users' roles and responsibilities. By implementing RBAC, organizations can limit access to domain administrator credentials to only those who require them for their job duties, reducing the risk of unauthorized access.
upvoted 3 times
...
CircaG
1 year, 3 months ago
Selected Answer: B
This is from ChatGPT so take this with a grain of salt (I know ChatGPT can have wrong answers). However, I agree with it. D does not necessarily tackle the fact that the passwords need to continue changing. Now, let's discuss why option D may not be the correct choice: Option D suggests securing domain administrator credentials in a PAM vault and controlling access with role-based access control (RBAC). While using a PAM vault to secure privileged credentials is a good practice, and RBAC helps enforce access controls, the option may not fully address the issue of domain administrator credentials not being changed regularly.
upvoted 2 times
...
pinkdog
1 year, 4 months ago
Selected Answer: D
Privileged Access Management (PAM) solutions help organizations manage and secure privileged credentials, such as domain administrator credentials, by placing them in a centralized vault. PAM solutions enforce tight access controls, monitoring, and session recording for privileged accounts to mitigate the risks associated with misuse or compromise of such credentials.
upvoted 1 times
...
zecomeia_007
1 year, 4 months ago
Selected Answer: D
Better, most complete
upvoted 2 times
...
klinkklonk
1 year, 4 months ago
Selected Answer: D
In B, why would you need to rotate the passwords for people you are removing privileges for? The word passwords in the question is a trap. Implementing RBA would remove the users who don't need access.
upvoted 2 times
...
caseymd85
1 year, 4 months ago
Selected Answer: B
D doesn't solve the issue of the extra people with admin privs.
upvoted 2 times
klinkklonk
1 year, 4 months ago
Yes it does because a role-based access control would be implemented.
upvoted 2 times
...
...
Cosmin1
1 year, 4 months ago
Selected Answer: D
'most complete way'
upvoted 2 times
...
johnabayot
1 year, 5 months ago
Selected Answer: D
B solves the issues the best
upvoted 5 times
...
Hs1208
1 year, 5 months ago
Selected Answer: D
PAM solutions are designed to secure, manage, and monitor privileged accounts.
upvoted 3 times
Hs1208
1 year, 5 months ago
It should be B
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted