Free CrowdStrike CCCS-203b Actual Exam Questions - Question 15 Discussion

Question No. 15
Which of the following scenarios would most likely indicate an account with unnecessary access
privileges, as identified by a CIEM solution?
Vikas E.
2026-02-14

It’s A because no recent activity combined with write access means the developer likely doesn’t need those privileges anymore, which is exactly what CIEM tools target for cleanup.

0
Vikas E.
2026-02-14

A/B? If the revoked role in B still grants access, that’s a clear CIEM issue. But A’s no activity for six months with write access also screams unnecessary privilege. Both seem valid depending on how strict the CIEM is.

0
Yasir U.
2026-02-09

It’s B. A revoked role should mean no active privileges, so if access still exists, it’s definitely unnecessary and flagged by CIEM for cleanup.

0
Rayan G.
2026-01-23

B seems less likely since a revoked role means the privileges are already removed, so no unnecessary access there. C and D both describe accounts actively used for their intended purposes, so they wouldn’t usually be flagged by CIEM tools. The key here is the mismatch between assigned permissions and actual use—A fits this because it shows a developer with high-level access but no activity for a long time, which suggests the access might be outdated or unnecessary.

0
Rayan G.
2026-01-22

A. Even without recent activity, having write access to production might be risky if the developer no longer needs it. That’s the kind of unnecessary privilege CIEM tools aim to flag.

0
Rayan G.
2026-01-22

D imo, the monitoring service with read-only access is pretty standard and usually necessary for audits or troubleshooting, so that’s unlikely to be unnecessary. A looks like the best fit since no activity for six months suggests the access isn’t currently needed. B’s revoked role means the access isn’t active anymore, and C is daily use by an admin, so both don’t show unnecessary privileges. So yeah, A makes the most sense for flagging unnecessary access here.

0
Luke S.
2026-01-21

Option A stands out because if the developer hasn’t used their write access for six months, that’s a strong sign the privilege might be excessive. Option B is about a revoked role, so no actual access there anymore. Option C and D describe accounts actively used or with appropriate read-only access, which usually aren’t flagged by CIEM for unnecessary privileges. So, it’s about matching unused access with the risk of it being leftover or too broad.

0
Yasir Q.
2026-01-16

B seems less likely since a revoked role means no active privileges. The question asks for unnecessary access, not inactive or removed access, so B doesn’t fit as well.

0
Yasir Q.
2026-01-16

It’s A since no access in 6 months means that level of privilege isn’t needed right now.

0
Ash H.
2026-01-15

I think the answer is A. Having write access to a production database but no recent activity for over six months seems like unnecessary access that should be reviewed or removed. The other options look like normal or expected access patterns.

0