Exam CS0-002 topic 1 question 239 discussion

B - This will automatically revoke access for terminated employees and can help to prevent unauthorized access to systems by ex-employees. While the other options could potentially help to improve security, they do not specifically address the issue of terminated employees retaining access to systems

Federation is a process that provides a shared login capability across multiple systems and enterprises. It essentially connects the IAM of multiple systems. One aspect of federation to consider with configuring it, is that since a third party is handling the transaction, you want to ensure that important tasks or changes are propagated quickly over the network with little delay. The following are some common changes that in a business setting need to happen almost instantaneously. • Provisioning: Creating an account and providing user authorization to it • Deprovisioning: Removing authorization and disabling the account • Password Reset: Resetting a user's account password in the event of a security incident ALSO: REFER TO THE SAME QUESTION ON EXAMTOPICS A YEAR AGO: https://www.examtopics.com/discussions/comptia/view/69490-exam-cs0-002-topic-1-question-263-discussion/

D is the only answer that makes sense

While either B or D would simplify disabling by disabling access in 1 place as opposed to multiple services, if nobody does it that employee would still have access weeks after... you need to actually review an make sure they are no longer there.

Initially I went with B, but yes the answer here is D - to federate the company with the cloud systems to have one single shared logon.

D question was one of the older dumps

I agree with thenewpcgamer The hint here is "many SaaS applications”, otherwise why would this be mentioned.

Since it is a small marketing firm, I think A will work just fine

A privileged access management tool would enable the firm to establish granular access controls, monitor usage, and enforce least-privilege access policies, thus reducing the risk of unauthorized access. Additionally, a privileged access management tool can provide auditing capabilities, enabling the firm to detect and investigate any potential unauthorized access incidents. This option would be more effective than the other options listed in addressing the issue of lingering access, as it proactively manages privileged access and can help prevent data breaches resulting from unauthorized access.

I think the key words here are "many SaaS applications". I would go with B if we were speaking of privileged accounts. Since we are referring to end users the best way to handle identity management is to enable SSO for all "many SaaS applications" applications.

the answer is clearly A. What is wrong with all of you trolls. B mentions privileged accounts. we need users to go away. A is the only answer that makes sense.

D is the answer

D. No mention of priv access, although you can argue that "sensitive information" would warrant that. However, this specifically mentions SaaS. SSO would work here. Once the account is terminated, then access to all 3rd party SaaS will be terminated as well.

SSO, turn account off in one spot.

Why B? The question never mentioned something about privileged accounts. I think "D" is the right one due to with a federated service, you use the same account credentials for the rest of applications, so disabling them once would be enough to retire the access to any SaaS application. I might be wrong, so let me know if I'm missing something!

B. The BEST option to resolve the issue of lingering access for terminated employees in a small marketing firm that uses many SaaS applications is to set up a privileged access management (PAM) tool that can fully manage privileged account access. PAM tools can help organizations manage access to privileged accounts, including limiting access to authorized individuals and revoking access when employees leave the organization or change roles. By setting up a PAM tool, the marketing firm can ensure that terminated employees no longer have access to SaaS applications after their end date.

Going with A