Exam SY0-601
Question 766

A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security team propose to resolve the findings in the most complete way?

Correct Answer: D

Securing domain administrator credentials in a PAM vault and controlling access with role-based access control (RBAC) offers a comprehensive solution. PAM (Privileged Access Management) ensures credentials are securely stored, effectively managed, and regulated through strong access controls. Moreover, PAM solutions can enforce password rotation, automated password changes, and continuous monitoring, thereby addressing both the privilege sprawl and the need for regular password changes. Implementing RBAC restricts access to only those who need it, thus reducing the organization's security risk in a well-rounded manner.

Discussion
johnabayot

I took the exam today and 90% came from this dump. I scored 800, so study this dump at least twice and you are good to go.

Turbulence

There's 860 questions, quite a bit to do it twice.

psowrong Option: B

It's B, since the question said that "most of the IT staff members have domain administrator credentials and do not change the passwords regularly". It probably means that there has not been any auditing to limit the access control, and also passwords need to be changed regularly. So Option B fits perfectly!

johnabayot Option: D

B solves the issues the best

[Removed] Option: B

Reviewing the domain administrator group, removing all unnecessary administrators, and rotating all passwords. I didn't know what password rotation was, so I looked it up. "Password rotation refers to the changing/resetting of a password." I think that B would be good.

spearous Option: B

It's B. I think the focus is: most of the IT staff members have admin accounts; is this a good practice? No, we change it ---> B. Yes, we keep it ---> D. That's why I chose B.

russian Option: D

D. Securing domain administrator credentials in a PAM vault and controlling access with role-based access control. Explanation: PAM (Privileged Access Management) solutions provide a centralized platform for securely storing, managing, and rotating privileged credentials, such as domain administrator credentials. By storing domain administrator credentials in a PAM vault, organizations can enforce strong access controls, audit trails, and session monitoring to ensure that only authorized personnel can access these credentials when necessary. Role-based access control (RBAC) allows organizations to assign specific permissions and privileges based on users' roles and responsibilities. By implementing RBAC, organizations can limit access to domain administrator credentials to only those who require them for their job duties, reducing the risk of unauthorized access.

Hs1208 Option: D

PAM solutions are designed to secure, manage, and monitor privileged accounts.

Hs1208

It should be B.

65333d6 Option: D

My immediate thought process was that it's definitely between B & D; however, after a bit I started to believe B may indeed be the most complete answer before doing some additional research on PAM and finally concluding that D is in fact the best answer. Why? Well, there's no doubt that D does in fact provide the best answer in regard to Admin privilege access, but I wondered if it did anything regarding the need for Password management/rotation. This brought me back to B, but it turns out that a PAM has some impressive capabilities that cover passwords.
- Allows users to access the privileged account w/out knowing the password
- Automatically change privilege account passwords periodically
With this knowledge, it's definitely D.

CircaG Option: B

This is from ChatGPT so take this with a grain of salt (I know ChatGPT can have wrong answers). However, I agree with it. D does not necessarily tackle the fact that the passwords need to continue changing. Now, let's discuss why option D may not be the correct choice: Option D suggests securing domain administrator credentials in a PAM vault and controlling access with role-based access control (RBAC). While using a PAM vault to secure privileged credentials is a good practice, and RBAC helps enforce access controls, the option may not fully address the issue of domain administrator credentials not being changed regularly.

zecomeia_007 Option: D

Better, most complete

klinkklonk Option: D

In B, why would you need to rotate the passwords for people you are removing privileges for? The word passwords in the question is a trap. Implementing RBA would remove the users who don't need access.

caseymd85 Option: B

D doesn't solve the issue of the extra people with admin privs.

klinkklonk

Yes it does because a role-based access control would be implemented.

Cosmin1 Option: D

'most complete way'

Jooomam Option: B

B fits the question

pinkdog Option: D

Privileged Access Management (PAM) solutions help organizations manage and secure privileged credentials, such as domain administrator credentials, by placing them in a centralized vault. PAM solutions enforce tight access controls, monitoring, and session recording for privileged accounts to mitigate the risks associated with misuse or compromise of such credentials.

Jhonattan0032 Option: D

The correct answer is D