Free CrowdStrike CCCS-203b Actual Exam Questions - Question 3 Discussion

Question No. 3
What is the most effective action to take when a CIEM tool identifies an Azure Service Principal with
overly permissive roles and no recent usage?
Peter R.
2026-02-17

Makes sense to go with D here. Instead of jumping straight to deleting the SP, it’s smarter to trim down its permissions first and see if that solves the issue, especially since it hasn’t been used lately. That way, you reduce risk without causing possible disruptions.

0
Sami C.
2026-02-10

Probably D since adjusting permissions is safer before deleting anything.

0
Michael X.
2026-01-28

Maybe D makes more sense since immediately deleting could cause issues if it’s actually needed somewhere. Cutting down permissions first lets you keep control without risking service disruption.

0
Peter H.
2026-01-23

B imo, if it’s truly unused and has overly permissive roles, deleting removes the threat entirely. Leaving it around, even with reduced roles, still poses a risk if someone reactivates or misuses it.

0
Kevin N.
2026-01-22

It’s D because you want to minimize risk without breaking anything. Just dropping permissions is a safer middle ground than deleting, especially if usage info might be incomplete.

0
Amir U.
2026-01-17

Option D avoids rash decisions by focusing on adjusting permissions first, which is safer if the SP might be needed later. Immediate deletion (B) could cause issues if it’s still in use somewhere unnoticed.

0
Yasir O.
2026-01-13

D sounds like the best move—review and tighten permissions instead of deleting or just downgrading roles. Keep it least privilege but don’t rush to delete unless sure it’s unused.

0