CompTIA CASP+ (CAS-004) — Question 492

An organizational policy requires audits of access to all tools in order to identify users who have not logged in within the last 90 days. Users are then notified that if they wish to maintain access, they must log in to use these tools at least once in the next 90 days, or their accounts will be disabled. Which of the following security practices does this policy adhere to?

Answer options

• A. Risk appetite
• B. Least privilege
• C. Just-in-time access
• D. Job rotation
• E. Identity and access management

Correct answer: E

Explanation

The policy aligns with Identity and access management because it involves monitoring user access and ensuring that only active users maintain their credentials. The other options do not directly relate to managing user access based on login activity; for example, least privilege focuses on restricting access rights, while job rotation involves changing roles to reduce risk.