Internal User Access Review Tool: Meeting CASP+ Exam Requirements

Question

A security engineer has implemented an internal user access review tool so service teams can baseline user accounts and group memberships.

The tool is functional and popular among its initial set of onboarded teams.

However, the tool has not been built to cater to a broader set of internal teams yet.

The engineer has sought feedback from internal stakeholders, and a list of summarized requirements is as follows:

-> The tool needs to be responsive so service teams can query it, and then perform an automated response action.

-> The tool needs to be resilient to outages so service teams can perform the user access review at any point in time and meet their own SLAs.

-> The tool will become the system-of-record for approval, reapproval, and removal life cycles of group memberships and must allow for data retrieval after failure.

Which of the following need specific attention to meet the requirements listed above? (Choose three.)

Answers

Explanations

A. B. C. D. E. F.

BCE.

The three areas that need specific attention to meet the requirements listed above are:

  1. Availability: The tool needs to be available 24/7 so that service teams can perform user access reviews at any point in time and meet their own SLAs. Resilience to outages is also necessary to ensure that the tool can continue to function during planned or unplanned downtime. This can be achieved through the use of redundancy, failover mechanisms, and proactive monitoring to identify and remediate issues before they impact availability.

  2. Usability: The tool needs to be responsive so that service teams can quickly and easily query it and then perform an automated response action. The user interface should be intuitive and easy to navigate, and the tool should provide clear feedback on the results of each query or action. Usability testing and user feedback should be used to refine the tool's design and ensure that it meets the needs of its intended audience.

  3. Recoverability: The tool will become the system-of-record for approval, reapproval, and removal life cycles of group memberships, and it must allow for data retrieval after failure. This requires a robust backup and recovery strategy that includes regular data backups and a tested recovery process to ensure that the tool can be quickly restored to its previous state in the event of a failure or data loss.
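A tested recovery process for the recoverability requirement can be exercised as a drill. The following is an added example, not part of the original explanation: it backs up group-membership lifecycle records with a digest, restores them, and checks that the restored state equals the pre-failure state, including the case where the newest backup is damaged. The record layout, function names, and sample data are assumptions made for illustration.

```python
import hashlib
import json


def take_backup(memberships):
    """Serialize membership records and record a SHA-256 digest of the payload."""
    payload = json.dumps(memberships, sort_keys=True)
    return {"payload": payload, "sha256": hashlib.sha256(payload.encode()).hexdigest()}


def verify_backup(backup):
    """A backup is restorable only if its payload still matches its digest."""
    return hashlib.sha256(backup["payload"].encode()).hexdigest() == backup["sha256"]


def restore_latest(backups):
    """Return (index, state) for the newest backup that passes verification."""
    for index in range(len(backups) - 1, -1, -1):
        if verify_backup(backups[index]):
            return index, json.loads(backups[index]["payload"])
    raise RuntimeError("no verifiable backup available")


def recovery_drill():
    """Run the restore path twice: with intact backups, then with a damaged one."""
    # Constructed sample records (hypothetical): "group/user" -> lifecycle status.
    state = {"db-admins/alice": "approved", "db-admins/bob": "approved"}
    backups = [take_backup(state)]
    state["db-admins/bob"] = "removed"
    state["payments-ro/carol"] = "reapproved"
    backups.append(take_backup(state))
    expected = dict(state)  # the "previous state" a restore must reproduce

    clean_index, clean_state = restore_latest(backups)

    # Simulate a truncated newest backup file, then restore again.
    backups[-1]["payload"] = backups[-1]["payload"][:-10]
    fallback_index, fallback_state = restore_latest(backups)
    # Records whose lifecycle status differs from the pre-failure state.
    lost = sorted(k for k in expected if fallback_state.get(k) != expected[k])
    return {
        "clean_index": clean_index,
        "clean_matches": clean_state == expected,
        "fallback_index": fallback_index,
        "lost": lost,
    }


if __name__ == "__main__":
    print(recovery_drill())
```

The `lost` list shows why backup frequency matters for a system-of-record: falling back to the older backup silently restores a membership that had since been removed, so those records need re-review after recovery.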

The other three options, scalability, latency, and maintainability, are also important considerations for any tool, but they are not specifically mentioned in the requirements listed above.

  1. Scalability: While not mentioned explicitly in the requirements, scalability is an important consideration for any tool that is expected to be used by a growing number of users or to handle an increasing amount of data over time. The tool should be designed with scalability in mind, using techniques such as load balancing, horizontal scaling, and distributed architectures to ensure that it can handle increased usage without performance degradation.

  2. Latency: Latency, or the delay between a user request and the tool's response, is an important consideration for any tool that requires real-time interaction. While not explicitly mentioned in the requirements, minimizing latency should be a goal of the tool's design to ensure that service teams can quickly perform user access reviews and respond to any issues that arise.

  3. Maintainability: While not explicitly mentioned in the requirements, maintainability is an important consideration for any tool that is expected to be used over a long period of time. The tool should be designed with maintainability in mind, using techniques such as modular design, documentation, and version control to ensure that it can be easily updated, patched, and maintained over time.