After an employee termination, a network account was removed, but the application account remained active. To keep this issue from recurring, which of the following is the BEST recommendation?
A. Integrate application accounts with network single sign-on.
It is indeed more convenient to use SSO to ensure that when employees leave, the application-related permissions are also cancelled. But whether or not SSO is implemented, regular account permission reviews are still the most complete solution. Careful review of account permissions can help ensure that invalid accounts are indeed closed or deleted.
So, I think the answer is B.
By integrating application accounts with network SSO, user credentials are managed centrally. When a network account is disabled (e.g., after termination), access to all linked applications is also automatically disabled, reducing the risk of orphaned accounts.
This is just a matter of careful reading. To keep this issue from recurring (Preventative), you would use SSO to ensure that disabling the network account would in turn disable access for the application. Performing periodic access reviews is a corrective control, addressing application accounts that were not disabled after the fact (at this point, you are past preventing it).
This centralizes user access management. Linking application accounts to an SSO system automatically revokes access to all integrated applications with the termination of the network account.
Incomplete integration: some applications might not be fully integrated with the SSO system, leaving room for discrepancies between network account termination and the deactivation of associated application accounts. Therefore, periodic review is the best.
The question is looking for a preventive control. B is a detective control, so it is not the correct answer. Single sign-on is defined as the process of consolidating all organization platform-based administration, authentication and authorization functions into a single centralized administrative function.
In this question the issue is having an application with two different types of access: one account/password for the application (consider it local) and a domain account/system account and password. You can delete the system account and the application account will still exist. Combining them (requiring a system password with managed or limited permissions) better facilitates management. When the system account is deleted, account access is also removed.
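The distinction the comments above draw between the two controls (SSO integration preventing orphaned application accounts versus a periodic review detecting them) can be shown in code. The following is an added example, not code from the original page or from ExamTopics; the directory, the two application models and the user list are constructed stand-ins for a real directory service and real applications, and every class and function name is an assumption of this example.

```python
"""Toy model of the two controls discussed above.

Preventive control: an application that delegates authentication to the
central directory (SSO) loses access for a user the moment the network
account is disabled.

Detective control: an application with its own local account store keeps
the account alive after termination, so a periodic review must reconcile
its accounts against the directory and flag the orphans.

All users and accounts below are constructed sample data for this example.
"""
from dataclasses import dataclass


@dataclass
class DirectoryUser:
    username: str
    enabled: bool


class Directory:
    """Stand-in for the central directory / identity provider (e.g. AD)."""

    def __init__(self, users):
        self._users = {u.username: u for u in users}

    def is_active(self, username):
        user = self._users.get(username)
        return user is not None and user.enabled

    def disable(self, username):
        # Termination: the network account is disabled, not deleted, so that
        # the account name cannot be silently reused.
        self._users[username].enabled = False


class LocalAccountApp:
    """Application with its own account store, not tied to the directory."""

    def __init__(self, accounts):
        self.accounts = dict(accounts)  # username -> active flag

    def can_login(self, username):
        return self.accounts.get(username, False)


class SsoApp:
    """Application that trusts the directory for authentication (SSO).

    Authorization (who is entitled to use the app) stays with the app, but
    authentication is delegated, so a disabled network account fails here too.
    """

    def __init__(self, directory, authorized):
        self.directory = directory
        self.authorized = set(authorized)

    def can_login(self, username):
        return username in self.authorized and self.directory.is_active(username)


def orphaned_app_accounts(directory, app):
    """Periodic access review: active local app accounts with no active
    network account behind them (disabled or never existed)."""
    return sorted(
        username
        for username, active in app.accounts.items()
        if active and not directory.is_active(username)
    )


def demo():
    """Run the termination scenario from the question and report what each
    control sees afterwards."""
    directory = Directory([DirectoryUser("alice", True), DirectoryUser("bob", True)])
    legacy = LocalAccountApp({"alice": True, "bob": True, "carol": True})
    sso = SsoApp(directory, authorized=["alice", "bob"])

    directory.disable("bob")  # bob is terminated; only the network account is touched

    return {
        "sso_bob": sso.can_login("bob"),          # False: access revoked with the network account
        "legacy_bob": legacy.can_login("bob"),    # True: the local application account survives
        "orphans": orphaned_app_accounts(directory, legacy),  # ['bob', 'carol']
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that the review also catches `carol`, an application account with no corresponding directory entry at all; that is the case an SSO integration never sees, which is why the detective review remains useful for applications that were never integrated.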
Community vote distribution: A (35%), C (25%), B (20%), Other