A supervisor in your organization was demoted on Friday afternoon. The supervisor had the ability to
modify the contents of a confidential database, as well as other managerial permissions. On Monday
morning, the database administrator reported that log files indicated that several records were missing
from the database. Which of the following risk mitigation strategies should have been implemented
when the supervisor was demoted?

A. Incident management
B. Routine auditing
C. IT governance
D. Monthly user rights reviews
Monthly user rights review cannot stop an activity performed in 2 days; it will be reviewed in 30 days, not 2 days.
4
0
This should have been an incident management.
The incident response should be a mandatory rights review, yes. But it should have been triggered by a predetermined procedure for such things. That means an incident management.
0
0
The fact that the supervisor got demoted is not an incident. After the missing records–okay. But the question asks about risk mitigation when the supervisor was demoted (Friday). My first option was to choose monthly user rights review, but clearly this may be a month off before being used. The only option is IT governance, which presumes that security activities will be performed with the needs of the company in mind. Since people losing their jobs is part of business, IT governance should have a process in mind to ensure that least privilege is enforced in these instances.
5
0
Without a doubt it’s B. Routine audit includes user rights review whenever an employee changes his job or responsibilities.
4
0
I believe the right answer is Routine auditing, because routine auditing includes user rights review and/or disabling unused accounts.
3
0
https://www.youtube.com/watch?v=HvMJRFYn7Ik – Professor Messer about User Access Reviews and Monitoring.
For me, the answer is B: Routine auditing
5
0
The supervisor getting demoted is apparently an incident; he would be demoted for some reason. And incident management should be performed. Record the incident and perform mitigation steps.
0
0
B: Routine auditing
3
0
B
0
0
Badly written question.
It appears to all intents and purposes that the “supervisor” was in fact FIRED and not DEMOTED as such. To demote someone is to “move (someone) to a lower position or rank, usually as a punishment.”
To my mind, what is being asked is a mitigating strategy which should have been implemented when the supervisor was demoted (fired). This strategy should have been of a proactive nature.
In other words, we are after a process which should have been followed at the precise moment in time the supervisor was demoted, in order to avoid the risk of said person doing something he should not (as was the case here).
So to my mind the options that can be eliminated are:
*A. Incident management: An incident management plan (IMP), sometimes called an incident response plan or emergency management plan, is a document that helps an organization return to normal as quickly as possible following an unplanned event. An IMP can identify weaknesses in a business, mitigate the impact of a variety of situations, and limit damage to an organization’s reputation, finances and operations.
As already mentioned, the supervisor's being demoted does not constitute an incident. Also, incident management is reactive in nature, and not proactive, as we are in fact closing the gate AFTER the horse has bolted.
*B. Routine auditing: An audit is a process where we conduct an official inspection of our systems in order to determine whether there are accounts in there which should not be. It is a way to ensure that nothing has “fallen through the cracks”, so to say.
Audits are done to show us things that we may not know. Yet, we just fired the guy! We already know that the guy was fired or demoted, and that without the need of any auditing being performed. So we also already know that his or her account should be disabled in order to minimize risk. We do not need an audit for that. All we need is a bit of common sense.
*D. Monthly user rights reviews: So we may run our monthly audit say twenty days from now just to find out that the guy whom we fired last Friday still has an (admin) account? Surely not! If this is the case, it is not just the “supervisor” who needs to be “demoted”. I would “demote” the whole IT department for being partakers in such an exercise in plain stupidity.
So to my mind, “C. IT governance” is the best answer.
IT governance (ITG) is defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals.
As a part of IT governance (ITG) we have the process of “offboarding”, which was clearly not followed here. The user account for the “supervisor” should have been disabled even before he was “demoted” in order to minimize risk. This is pretty much standard procedure in any company worth its salt.
Employee onboarding and offboarding are two core HR activities that are gaining in importance. Onboarding begins once a job candidate agrees to accept a job. It involves all the steps needed to get a new employee successfully deployed and productive. Offboarding is the reverse of onboarding, and it involves separating an employee from a firm. This can include a process for sharing knowledge with other employees.
Every major talent management software system includes an onboarding module, and there are vendors specializing in onboarding systems. Offboarding software is also part of a talent management system. Employee onboarding and offboarding have many similarities. Each process requires actions concerning payroll, benefits and assorted legal documents, as well as issuing or taking back keys, badges, IT equipment and network access.
2
3