A new audit reveals that certain groups in an identity repository inherited privileges across multiple domains that surpass their required roles. Which measure best resolves the underlying cause?
Change the domain’s functional level to the latest version
Remove membership from high-level groups while leaving others intact
Implement an intrusion detection system for the domain controllers
Adjust the nested group membership to match job requirements
Modifying the nested group membership structure addresses the underlying problem by limiting permissions to what is required, preserving least privilege. Removing membership from high-level groups alone might leave some incorrect inheritance paths unaddressed. Changing the domain’s functional level is about upgrading features, not fixing unauthorized privileges. Intrusion detection focuses on suspicious traffic, but it does not correct existing group assignments.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is nested group membership in an identity repository?
Open an interactive chat with Bash
What is the principle of least privilege, and why is it important?
Open an interactive chat with Bash
How is changing a domain's functional level different from addressing permissions issues?