In a 24/7 processing environment, a database contains several privileged application accounts with passwords set to "never expire." Which of the following recommendations would BEST address the risk with minimal disruption to the business?
A. Schedule downtime to implement password changes.
B. Introduce database access monitoring into the environment.
C. Modify the access management policy to make allowances for application accounts.
D. Modify applications to no longer require direct access to the database.
In a 24/7 processing environment, changing privileged application account passwords (such as by scheduling downtime) could disrupt critical operations. Introducing database access monitoring allows the organization to mitigate risks associated with these accounts while minimizing business disruption. Monitoring provides visibility into who or what is accessing the database and can identify suspicious activities, unauthorized access, or potential abuse of privileged accounts.
In a 24/7 processing environment, where continuous operation is critical for business operations, changing passwords that are set to "never expire" might lead to disruptions or downtime if not managed carefully. Modifying the access management policy to make allowances for application accounts can involve implementing compensating controls or alternative security measures to mitigate the risk associated with passwords that do not expire while ensuring continuous operation.
Option B, introducing database access monitoring into the environment, is a valuable security measure, but it may not directly address the risk posed by privileged application accounts with passwords set to "never expire." Access monitoring can help detect and respond to unauthorized access attempts or suspicious activities, but it doesn't inherently address the issue of passwords not expiring.
Option C specifically targets the root cause of the risk by establishing guidelines or controls tailored to address the unique requirements of privileged application accounts. This approach allows organizations to enforce password management practices, such as periodic password changes or enhanced security measures, without disrupting business operations or requiring immediate downtime.
BEST Solution: This approach minimizes disruption and directly addresses the risk.
Benefits:
Applications no longer directly access the database.
Privileged accounts can be managed separately, enforcing password policies.
Improved security posture without impacting business continuity.
C. Modify the access management policy to make allowances for application accounts.