4th Time

A newly acquired subsidiary uses a separate identity provider with no federation to the parent company. Executives want immediate single sign-on access to the subsidiary's financial reporting system. The subsidiary's IT team warns their directory contains orphaned accounts from prior layoffs. What should you address FIRST? A. Establish federated trust between both identity providers B. Perform an access review and remove orphaned accounts in the subsidiary's directory C. Provision executive accounts directly in the subsidiary's identity provider D. Implement multi-factor authentication on the financial reporting system Come back for the answer tomorrow, or study more now!

A developer commits API credentials into a public repository and immediately deletes the commit. The security team discovers the credentials are still visible in the repository's commit history. The API provides read access to customer records. What should you do FIRST? A. Purge the commit history to remove the exposed credentials from the repository B. Revoke and rotate the compromised API credentials immediately C. Scan customer records for evidence of unauthorized access using the exposed keys D. Implement pre-commit hooks to prevent future credential exposure in repositories Come back for the answer tomorrow, or study more now!

During an acquisition integration, you discover the target company grants domain administrator privileges to its entire 12-person IT department. They argue the small team requires broad access for operational efficiency. Your organization's policy enforces least privilege. What should you do FIRST? A. Immediately revoke domain admin from all subsidiary IT staff and assign role-based access B. Conduct a privileged access audit to map which admin functions each role actually requires C. Allow current access with enhanced monitoring until integration is complete D. Require the subsidiary to adopt your identity governance platform before network integration Come back for the answer tomorrow, or study more now!

Your organization's risk register is maintained by a single senior analyst who built custom scoring formulas undocumented outside his workstation. He announces his resignation with two weeks notice. The next quarterly risk review is in three weeks. What should you do FIRST? A. Hire a replacement analyst before the departing employee's last day B. Conduct an immediate knowledge transfer to document the scoring methodology C. Postpone the quarterly risk review until a replacement is onboarded D. Assign the risk register to the internal audit team as an interim measure Come back for the answer tomorrow, or study more now!