Free CrowdStrike CCCS-203b Actual Exam Questions - Question 2 Discussion
appropriate action to mitigate risks associated with these accounts?
Maybe B is better since it lets you catch any unexpected use or threat before deciding to delete or restore accounts, reducing risk without rushing. A and D feel too extreme without that monitoring step.
Maybe C works too since it cuts off access but keeps everything ready if the user needs to be reactivated, avoiding any operational delays while managing risk.
C/D? Deactivating accounts (C) stops access but keeps the setup for easy reactivation, which might be useful. Immediate deletion (D) feels risky unless you’re 100% sure those accounts won’t be needed again.
Option B makes sense because disabling accounts temporarily limits risk without losing control immediately. Transferring permissions (A) could cause security issues by spreading access unnecessarily. Keeping roles after deactivation (C) might leave permissions hanging around, which isn’t ideal. Immediate deletion (D) could lead to problems if the account needs to be restored or checked later. So, temporarily disabling and monitoring is a balanced way to handle inactive users securely while keeping options open.
It’s B, since immediate deletion (D) risks losing needed access if reactivation is required.
C/D? Deleting accounts right away (D) might be risky if they’re linked to important data or processes, so that feels too harsh. On the other hand, just deactivating but keeping roles (C) could leave permissions dangling without control. Temporarily disabling then monitoring, like B, seems safer overall to catch any unexpected use before making a final call. Transferring permissions (A) seems unrelated to risk mitigation here.
I think B makes the most sense—disabling first to see if anything weird happens before deleting or deactivating. Safer approach.