A security analyst implemented group-based privileges within the company active directory. Which of the
following account management techniques should be undertaken regularly to ensure least privilege principles?
Leverage role-based access controls.
Perform user group clean-up.
Verify smart card access controls.
Verify SHA-256 for password hashes.
Active Directory (AD) has no built-in clean-up feature. This can result in obsolete user, group and computer
objects accumulating over time and placing security and compliance objectives in jeopardy. You would
therefore need to regularly clean-up these settings.