1.What risk is mitigated by the manager having to request the role for a new user? a) Terminated employees retain access after their departure date. b) Terminated employees do not retain access after their departure date. c) The manager may not approach the process of giving access with the principle of least privilege. d) The manager may approach the process of giving access with the principle of least privilege. 2. What does it mean to assign access "in keeping with the principle of least privileged?" a) Making sure the employee has the least amount of access in order to successfully perform his/her job role. b) Making sure the employee has more access than is required to successfully perform his/her job role. c) Making sure the employee has no access at all. d) Making sure all employees have the same level of access regardless of role. 3. Is the response to the low risk associated with not performing a user access review appropriate? What risks are the Company exposed to if without periodic UARs? a) Yes, potential unauthorized users may be able to get away with functions or be exposed to information that may be confidential. b) No, potential unauthorized users may be able to get away with functions or be exposed to information that may be confidential. c) No, terminated employees may retain access after their departure date. d) Yes, the Company is not exposed to any other risks

4. How would the ticketing system help streamline the de-provisioning process?