Which of the following questions can be answered using user and group entitlement reporting?
Correct Answer: D
User and group entitlement reporting is a process of collecting and analyzing the access rights and permissions of users and groups across the network. It can help answer questions such as where does a particular user have access within the network, what resources are accessible by a particular group, and who has access to a particular resource. User and group entitlement reporting can also help identify and remediate excessive or inappropriate access rights, enforce the principle of least privilege, and comply with security policies and regulations.
* A. When a particular file was last accessed by a user is not a question that can be answered using user and group entitlement reporting, but rather a question that can be answered using file auditing or logging.
* B. Change control activities for a particular group of users is not a question that can be answered using user and group entitlement reporting, but rather a question that can be answered using change management or configuration management.
* C. The number of failed login attempts for a particular user is not a question that can be answered using user and group entitlement reporting, but rather a question that can be answered using authentication or account management.
References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 3, page 138; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 3, page 114