CISSP • Practice Test 10
Free CISSP practice test — 10 questions with explanations. Set 10. No signup required.
A medium-sized financial services company recently deployed a new identity governance and administration (IGA) solution to manage user access across on-premises Active Directory and cloud-based SaaS applications. The IGA system uses a role-based access control (RBAC) model with hundreds of roles defined. The company has a policy that all access certifications must be completed quarterly. During the first quarterly certification, the access reviewers complain that they are overwhelmed by the number of entitlements they need to review, and many certifications are not completed on time. The security team also notices that some users have accumulated excessive privileges because role assignments were not properly reviewed. The company wants to streamline the certification process without sacrificing security. Which of the following is the BEST course of action?