Option A: Automatically disabling users without a thorough analysis could lead to operational

disruptions. CIEM performs a comprehensive assessment, considering factors like API activity, to ensure

accurate detection of inactivity.

Option B: Reassigning roles without first verifying the user’s purpose or activity may increase security

risks. CIEM focuses on identifying and managing inactive users, not on role reassignment as a default

action.

Option C: While CrowdStrike Falcon excels at endpoint detection and response (EDR), it is not designed

for analyzing cloud identity and access management (IAM) activities. Relying on Falcon for such tasks is

both inefficient and ineffective compared to using CIEM.

103/192

Option D: CIEM’s Identity Analyzer is specifically designed to monitor and analyze user activity

patterns across cloud environments. It can automatically detect inactive users based on their login, API

activity, and resource usage. This capability reduces the risk of overprivileged or orphaned accounts.

Using CIEM ensures efficiency and eliminates the manual overhead of user analysis.