KT-CG Policy adherence

Developers bypass code review using emergency break-glass accounts weekly. Issue?

Multiple choice — select one answer

Answer choices

  1. a. Proves MFA is unnecessary for engineers who understand security, without security or identity team coordination per policy.
  2. b. Required for SOC 2 Type I reports only, not operational security
  3. c. Break-glass is being normalized; tighten approvals, logging, and time limits
  4. d. Shows healthy agility; break-glass should replace standard change management, without security or identity team coordination per policy.

Architectural breakdown & explanation

Emergency access must be rare, logged, and reviewed—not a daily workflow.

Correct answer(s): c. Break-glass is being normalized; tighten approvals, logging, and time limits

Exam domain: Policy adherence (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Compliance & Governance bank. Run a full timed practice exam with domain-weighted random questions in your browser.