CompTIA CASP+ (CAS-004) — Question 344

A security engineer has learned that terminated employees' accounts are not being disabled. The termination dates are updated automatically in the human resources information system software by the appropriate human resources staff. Which of the following would best reduce risks to the organization?

Answer options

• A. Exporting reports from the system on a weekly basis to disable terminated employees' accounts
• B. Granting permission to human resources staff to mark terminated employees' accounts as disabled
• C. Configuring allowed login times for all staff to only work during business hours
• D. Automating a process to disable the accounts by integrating Active Directory and human resources information systems

Correct answer: D

Explanation

The correct answer is D because automating the account disabling process ensures immediate action upon employee termination, thus minimizing risks. Options A and B rely on manual intervention, which can lead to delays and human error, while option C does not directly address the issue of account management for terminated employees.