CISA Exam Questions

CISA Exam - Question 17


After an employee termination, a network account was removed, but the application account remained active. To keep this issue from recurring, which of the following is the BEST recommendation?

Correct Answer: AB

Integrating application accounts with network single sign-on is the best recommendation to prevent this issue from recurring. Single sign-on (SSO) ensures that when an employee's network account is deactivated, all associated application accounts are automatically deactivated as well. This eliminates the need for separate account management, reducing the risk of leaving active application accounts after network account removal. Periodic access reviews are also important, but they are a form of detective control, which means they identify issues after they have occurred rather than preventing them. Retraining system administration staff addresses human error but may not fully eliminate the risk.
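The explanation above distinguishes a preventive control (application access tied to the network identity) from a detective one (a periodic review that finds orphaned accounts afterwards). The following is an added example, not part of this exam page or of any ISACA material, using a hypothetical in-memory identity store and constructed user data: one application delegates authentication to the network account (SSO-linked), another keeps a local credential, the user is offboarded exactly as in the question (network account removed only), and an access review then reports the application account that remained usable.

```python
"""Constructed example: SSO-linked application accounts (preventive) versus a
periodic access review (detective) after a network account is disabled."""
from dataclasses import dataclass


@dataclass
class NetworkAccount:
    user_id: str
    active: bool = True


@dataclass
class AppAccount:
    app: str
    user_id: str
    # True: the application delegates authentication to the network identity (SSO).
    # False: the application keeps its own local credential store.
    sso_linked: bool
    active: bool = True


class IdentityStore:
    """Hypothetical identity store: one network account per user plus application accounts."""

    def __init__(self) -> None:
        self.network: dict[str, NetworkAccount] = {}
        self.apps: list[AppAccount] = []

    def add_user(self, user_id: str, apps: dict[str, bool]) -> None:
        self.network[user_id] = NetworkAccount(user_id)
        for app, sso_linked in apps.items():
            self.apps.append(AppAccount(app, user_id, sso_linked))

    def terminate(self, user_id: str) -> None:
        """Offboarding as described in the question: only the network account is removed.
        Local application accounts are deliberately left alone, reproducing the gap."""
        self.network[user_id].active = False

    def can_log_in(self, acct: AppAccount) -> bool:
        """SSO-linked accounts are usable only while the owner's network account is active;
        local accounts are usable as long as their own flag is set."""
        if acct.sso_linked:
            owner = self.network.get(acct.user_id)
            return owner is not None and owner.active
        return acct.active

    def access_review(self) -> list[AppAccount]:
        """Detective control: list application accounts that can still log in even
        though the owner's network account is disabled or missing."""
        orphans = []
        for acct in self.apps:
            owner = self.network.get(acct.user_id)
            owner_gone = owner is None or not owner.active
            if owner_gone and self.can_log_in(acct):
                orphans.append(acct)
        return orphans


def run_scenario() -> dict[str, object]:
    """Constructed scenario: 'alice' is terminated; her HR portal account is SSO-linked,
    her legacy ERP account is local."""
    store = IdentityStore()
    store.add_user("alice", {"hr-portal": True, "legacy-erp": False})
    store.add_user("bob", {"hr-portal": True, "legacy-erp": False})
    store.terminate("alice")

    by_app = {a.app: a for a in store.apps if a.user_id == "alice"}
    orphans = store.access_review()
    return {
        # False: the SSO-linked account followed the network account automatically.
        "hr_portal_usable": store.can_log_in(by_app["hr-portal"]),
        # True: the local account is the gap the question describes.
        "legacy_erp_usable": store.can_log_in(by_app["legacy-erp"]),
        # The review only reports the orphan after it has already existed.
        "orphans_found": [(a.user_id, a.app) for a in orphans],
    }


if __name__ == "__main__":
    print(run_scenario())
```

The review result is what a quarterly access review would surface; the SSO-linked account needed no review because it never became usable again once the network identity was disabled, which is the sense in which the integration is preventive and the review is detective.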

Discussion

17 comments
Victor83516 (Option: B)
Sep 6, 2022

It is indeed more convenient to use SSO to ensure that when employees leave, the application-related permissions are also cancelled. But whether or not SSO is imported, regular account permission reviews are still the most complete solution. Careful review of account permissions can help ensure that invalid accounts are indeed closed or deleted. So, I think answer is B.

Deeplaxmi (Option: B)
Sep 25, 2022

SSO also makes systems more vulnerable to a single point of failure. Hence keeping both network and application access separate is always good. Hence, review of access is the best option.

frisbg (Option: B)
May 23, 2023

The issue is the account removed after the employee terminated their contract; therefore a review should be conducted on a periodic basis (at least quarterly). SSO might look like a solution, but then next time they may forget to remove network accounts; there is no insurance that the account will be removed, and as an auditor you can't directly recommend business-related controls to the environment. It's up to the company to decide to use an SSO or IAM solution for automatic termination of accounts. Maybe the software doesn't support it; you can't be sure.

katyak (Option: A)
Nov 6, 2023

The question is looking for preventive control. B is detective control so is not the correct answer. Single sign-on is defined as the process for consolidating all organization platform-based administration, authentication and authorization functions into a single centralized administrative function.

oldmagic (Option: A)
Jun 7, 2023

A is the correct answer. Performing periodic access reviews will catch this issue, but will not prevent it. SSO will.

i91290 (Option: A)
Jun 18, 2023

A is the right answer.

[Removed] (Option: A)
Jun 22, 2023

SSO is the right answer.

sbtt
Jul 26, 2023

Is there a way to be 100 per cent sure? Because I'm too convinced by SSO, but who knows what the logic is!

CISA2021 (Option: A)
Jan 13, 2024

The answer is A. Note the sentence "..To keep this issue from recurring.."

Rachy (Option: B)
Jan 24, 2024

B is much better than A, as single sign-on may not necessarily prevent the issue from recurring.

Swallows (Option: A)
Apr 6, 2024

If SSO is implemented, as soon as the network account is deleted, the application is no longer accessible.

firel0rd (Option: B)
Jul 3, 2024

A is indeed the most convenient option, but not all systems/applications will support SSO. So B.

abeedfarooqui86 (Option: A)
Sep 17, 2022

Preventive Control

MohamedAbdelaal (Option: B)
Apr 26, 2023

SSO makes systems vulnerable to unauthorized access

Kokoh23 (Option: A)
Sep 23, 2023

In this question the issue is having an application with two different types of access: one account/password for the application (consider it local) and a domain account/system account and password. You can delete the system account and the application account will still exist. Combining them (requiring a system password with managed or limited permissions) better facilitates management. When the system account is deleted, application access is also removed.

6god (Option: B)
Nov 15, 2023

Incomplete integration: some applications might not be fully integrated with the SSO system, leaving room for discrepancies between network account termination and the deactivation of associated application accounts. Therefore periodic review is the best.

5b56aae (Option: C)
Apr 14, 2024

I will retrain the staff

a84n (Option: B)
Apr 25, 2024

Answer: B