CISSP Practice Question (Domain 5: Identity and Access Management)
A global enterprise implements a zero-trust architecture requiring continuous authentication and authorization. During an incident investigation, security analysts discover that a compromised service account with high privileges has been making API calls from multiple geographic locations simultaneously. The account uses certificate-based authentication with a valid certificate that won't expire for 18 months.
What is the MOST effective immediate containment action?
A. Revoke the certificate through the Certificate Authority's Certificate Revocation List (CRL)
B. Disable the service account in the identity provider
C. Implement IP-based geo-fencing to block requests from unauthorized locations
D. Rotate the account credentials and force re-authentication
Come back for the answer tomorrow, or study more now!
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group