CISSP Practice Question (Domain 6: Identity and Access Management)
A company integrates a third-party SaaS platform with its internal systems using single sign-on. During review, security finds the vendor provisions user roles automatically based on email domain, without management approval. The business values rapid onboarding.
What is the MOST appropriate action for the security manager to take FIRST?
A. Disable SSO integration until manual approvals are enforced
B. Require documented access approval and role assignment controls
C. Increase monitoring and audit logging for SaaS user activity
D. Conduct a penetration test against the SaaS access controls
Come back for the answer tomorrow, or study more now!
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group