Nitesh
Newcomer II

Leave of absence

Dear Team

 

Need your inputs again..

 

An employee of a retail company has been granted an extended leave of absence by Human Resources (HR). This information has been formally communicated to the access provisioning team. Which of the following is the BEST action to take?

 

  • A. Revoke access temporarily.
  • B. Block user access and delete user account after six months.
  • C. Block access to the offices immediately.
  • D. Monitor account usage temporarily.

 I would say we have 2 answers here.

Option A & Option D 

 

Option A: When employees leave an organisation for any reason, it is important to disable their user accounts as soon as possible. This includes when an employee takes a leave of absence. As the user's leave period is extended, the user provisioning team should immediately revoke the user's access for his/her leave period to avoid any misuse.

 

Option D: There could've been something malicious tied to the user account, and HR wants to do some investigative work without the user being around to see if the account was compromised by an internal or external bad actor, so this option makes sense.

 

As the question directs to the BEST action by the IT team, I would like to go for Option D, but if the question was related to the FIRST action, I would have gone for Option A.

 

Any other thoughts??

 

Thanks

Nitesh

7 Replies
rslade
Influencer II

As Diana says, these questions are *really* badly written. But your thinking on
the answers is quite good.

Again, have a look at
https://community.isc2.org/t5/Exams/CISSP-questions/m-p/18626/

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
Always forgive your enemies; nothing annoys them so much.
- Oscar Wilde
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Abdi_Dahir
Viewer II

Every environment is different but consider the following:
- Possibility that a user could be required to access or have an account in the environment for any reason (timesheet, compliance, payroll, etc.)?
- Any suspicious user activity during their leave?
- User role (are they a privileged or super user?)

CISOScott
Community Champion

I would not choose D because of the word temporarily.

User accounts should be continuously monitored, whether or not the person is on leave.

tmekelburg1
Community Champion

Option E: Refer to the company's policy and procedure for actions to take. If you work for a company that doesn't have them, create them and get them approved. (Real world response)

 

Option A is what this question is looking for though. 

dcontesti
Community Champion

@Nitesh 

 

I am not sure if all the questions are coming from the same source and whether or not you paid for them.

 

HOWEVER, I do suggest that you get your hands on the official study questions from (ISC)2. They are prepared in the same fashion as the actual test. They used to also include the right answer.

 

As I see you rationalizing each of these answers I worry that you may not complete the exam.

 

I worry that you are studying from a source(s) where the questions are at best ambiguous and really do not have clear, concise answers. During the exam, you will be told to pick the most correct answer and you should not have to ponder; remember you don't have a lot of time to think about the questions.

 

Suggestions for your studying:

 

1. Find a chapter (local or virtual) that has study groups (put a post in the Chapters group asking if anyone has a study group or knows of one).

2. Get the (ISC)2 practice exam (I understand this may cost some money but may help with clarity). The Training Camp group do offer some questions for free.....a loss leader to them if they can get you to take their training.

3. Check out the Community as there is an extremely long thread of questions posted here by Rob Slade.


https://community.isc2.org/t5/Exams/CISSP-questions/m-p/18626/

 

4. Last but not least, keep asking questions when you are not sure of something....it actually challenges us. Some of us at least.

 

All the best in your studying.

 

And to answer your question, based on wording, etc., I would choose A.

 

Best

 

d

 

Steve-Wilme
Advocate II

The question is poorly written. A leave of absence suggests that the employee may remain in an employment relationship, so this could simply be a short period of unpaid leave; equally it could be a sabbatical, and for that many companies require the employment relationship to be terminated (effectively they agree to take you back into a similar position, but there are usually no guarantees). A leave of absence for paternity or maternity leave is often treated differently again, with staff having a legal right to keep in touch with their employer, which many HR departments interpret as them needing to retain some of their system access.

 

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Nitesh
Newcomer II

Thanks for your advice.

 

I have started my initial preparation with the CBK and All-in-One CISSP by Shon Harris and have completed the same with practice questions. Currently I am practising on online questions available on Google and after this I am going to buy practice questions from ISC2.

I agree there are some bad questions which can impact one's thought process. 

But I take your advice as I feel this is quite important for my exam preparation.

 

Please keep your advice and suggestions coming in.

Thanks again.

 

Regards

Nitesh