Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
An organization practices the principle of least privilege. To ensure access remains appropriate, application owners should be required to review user access rights on a regular basis by obtaining:
A.
security logs to determine the cause of invalid login attempts.
B.
documentation indicating the intended users of the application.
C.
an access control matrix and approval from the user's manager.
D.
business purpose documentation and software license counts.
sticking to C:
The principle of least privilege is a fundamental security principle that limits user access rights to the minimum necessary to perform their job functions. To ensure that access remains appropriate, application owners should review user access rights on a regular basis. The best way to do this is by obtaining an access control matrix that lists all users and their access rights, and obtaining approval from the user's manager to confirm that the access rights are still necessary for the user to perform their job functions.
It is more efficient to have a matrix that defines the access permissions and their associated actions and their approval by the user manager. In any case, this process is not called 'attestation' as mentioned here.
https://www.isaca.org/resources/glossary#Attestation
B is correct. [ documentation indicating the intended users of the application. ]
Once the app owner can figure out who the intended users are, access can be authorized or not authorized.
B
When you create your application, write down what resources it must access and what special tasks it must perform. Examples of resources include files and registry data; examples of special tasks include the ability to log user accounts on to the system, debug processes, or backup data. Often you'll find you do not require many special privileges or capabilities to get any tasks done. Once you have a list of all your resources, determine what might need to be done with those resources. For example, a user might need to read and write to the resources but not create or delete them. Armed with this information, you can determine whether the user needs to run as an administrator to use your application. T
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Raj1510
Highly Voted 2 years, 2 months agoCbtL
Most Recent 11 months, 2 weeks agoKoulyo
11 months, 4 weeks agojohn_boogieman
1 year, 1 month agoCeecil1959
2 years agoTomm8125
2 years, 11 months agoAnon530
2 years, 11 months ago