Which of the following is the BEST approach to perform risk mitigation of user access control rights?

A. Conduct surveys and rank the results.
B. Perform routine user permission reviews.
C. Implement periodic vulnerability scanning.
D. Disable user accounts that have not been used within the last two weeks.

Correct Answer: B
Section: Compliance and Operational Security

Risk mitigation is accomplished any time you take steps to reduce risk. This category includes installing antivirus software, educating users about possible threats, monitoring network traffic, adding a firewall, and so on. User permissions may be the most basic aspect of security and are best coupled with the principle of least privilege. Related to permissions is the concept of the access control list (ACL). An ACL is literally a list of who can access what resource and at what level. Thus the best risk mitigation step, insofar as access control rights are concerned, is the regular, routine review of user permissions.

Incorrect Answers:
A: Conducting a survey and ranking the results are part of assessing risk and not risk mitigation.
C: A vulnerability scanner is a software application that checks your network for any known security holes; it’s better to run one on your own network before someone outside the organization runs it against you.
D: User accounts that have not been used within the last two weeks may just be the accounts of employees on mandatory vacations, depending on how long the leave period is.

