CISSP Practice Question: What would MOST likely happen if an organization fails to regularly review…
Published July 16, 2026 · Free daily CISSP practice question
What would MOST likely happen if an organization fails to regularly review user access rights?
Correct Answer: A. Increased risk of unauthorized access
Explanation (CISSP Manager Logic):
Neglecting regular access reviews leads to privilege creep and orphaned accounts, where users retain permissions no longer required for their roles. This creates significant security gaps and compliance failures by violating the principle of least privilege.
By performing regular access reviews, you:
- Enforce the principle of least privilege across the enterprise.
- Identify and disable dormant or orphaned accounts.
- Reduce the attack surface and mitigate internal risk.
While the other options are relevant, they fall short because:
- B: Efficiency decreases as unmanaged access creates technical debt and complex troubleshooting.
- C: Neglecting security hygiene does not improve satisfaction and often leads to identity conflicts.
- D: Long-term costs of breaches and regulatory fines far outweigh temporary labor savings.
Think like a manager:
Security is a continuous lifecycle, not a one-time event; regular audits ensure access remains aligned with current business needs and risk appetite.
Ready to find out if you'd pass?
5,000+ expert-calibrated questions, adaptive CAT mock exams, and gap analysis that shows exactly what to study next.
Try 5 free questions Start 7-day free trial