Which action best aligns with cloud security policy when decommissioning user accounts in a cloud environment?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Enhance your skills for the CompTIA Cloud+ exam. Prepare with interactive quizzes, detailed explanations, and real exam simulations. Set the stage for your cloud certification success!

Multiple Choice

Which action best aligns with cloud security policy when decommissioning user accounts in a cloud environment?

Explanation:
Prompt and timely decommissioning of user accounts is essential in cloud security. When a user leaves or no longer should have access, their credentials and permissions must be revoked quickly to close the window for potential misuse. Initiating disablement and ensuring it’s completed within a short, defined timeframe (such as four hours) puts access revocation on a clear schedule, helping to automatically revoke tokens, sessions, and IAM permissions across all connected services. This minimizes the risk of lingering access and supports proper auditing and compliance. Delaying until a quarterly cycle leaves a large vulnerability window, during which an offender or an attacker could still use active credentials. Handling decommissioning only during routine maintenance windows introduces unpredictability and the chance of missed steps. Rebooting identity services daily doesn’t actually remove access for a specific user and can cause unnecessary disruption, without guaranteeing timely deactivation. So, promptly initiating and completing account disablement within a tight SLA best aligns with standard cloud security practices for decommissioning.

Prompt and timely decommissioning of user accounts is essential in cloud security. When a user leaves or no longer should have access, their credentials and permissions must be revoked quickly to close the window for potential misuse. Initiating disablement and ensuring it’s completed within a short, defined timeframe (such as four hours) puts access revocation on a clear schedule, helping to automatically revoke tokens, sessions, and IAM permissions across all connected services. This minimizes the risk of lingering access and supports proper auditing and compliance.

Delaying until a quarterly cycle leaves a large vulnerability window, during which an offender or an attacker could still use active credentials. Handling decommissioning only during routine maintenance windows introduces unpredictability and the chance of missed steps. Rebooting identity services daily doesn’t actually remove access for a specific user and can cause unnecessary disruption, without guaranteeing timely deactivation.

So, promptly initiating and completing account disablement within a tight SLA best aligns with standard cloud security practices for decommissioning.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy