CompTIA SecurityX (CAS-005) — Question 216

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field. Which of the following should the security team recommend first?

Answer options

• A. Investigating a potential threat identified in logs related to the identity management system
• B. Updating the identity management system to use discretionary access control
• C. Beginning research on two-factor authentication to later introduce into the identity management system
• D. Working with procurement and creating a requirements document to select a new IAM system/vendor

Correct answer: D

Explanation

The recommended first step is to select a new IAM system/vendor, as the current homegrown system is not compliant with security best practices. Investigating threats (A), updating the system for discretionary access control (B), and researching two-factor authentication (C) are important but secondary to ensuring that the foundational identity management system meets security standards.