Which guideline governs the deactivation of user accounts when they are no longer needed?

Prepare for the Certified Identity and Access Manager Exam using flashcards and multiple-choice questions. Gain insights into the exam format, practice with real-world scenarios, and ensure your success in becoming a certified professional.

Multiple Choice

Explanation:
Deactivation policies govern how and when user accounts are turned off when they’re no longer needed. They are a key part of identity and access lifecycle management, ensuring timely deprovisioning so former users can’t access systems or data. A solid deactivation policy defines who initiates the offboarding, the exact steps to revoke credentials (disabling accounts, revoking tokens, removing from groups and applications), and the timelines for completing these actions. It also covers what happens to data and access artifacts after deactivation and how such events are logged for audits. This approach helps prevent orphaned or lingering access that could be exploited, aligning with least-privilege and security hygiene.

Background checks and verification of a new employee’s history relate to onboarding and vetting, not the ongoing process of ending access. Access standards describe who should have access generally, but they don’t specify the procedure for deactivating accounts when access is no longer required.
