A security analyst implemented group-based privileges within the company active directory. Which of the following account management techniques should be
undertaken regularly to ensure least privilege principles?
A.
Leverage role-based access controls.
B.
Perform user group clean-up.
C.
Verify smart card access controls.
D.
Verify SHA-256 for password hashes.
Explanation:
Active Directory (AD) has no built-in clean-up feature. This can result in obsolete user, group and computer objects accumulating over time and placing security
and compliance objectives in jeopardy. You would therefore need to regularly clean-up these settings.
Incorrect Answers:
A: Reusing role-based access controls would not ensure least privilege principles.
C: Smart cards are credit-card-sized IDs, badges, or security passes with an embedded integrated circuit chip that allows you to physically access secure facilities.
This would not ensure least privilege principles.
D: Hashing is used to detect violations of data integrity. This would not ensure least privilege principles.http://www.cayosoft.com/active-directory-cleanup/