Can both active and inactive accounts be certified?

The statement that both active and inactive accounts can be certified is correct. In the context of identity governance and administration, certification is a crucial process used to ensure that access rights are appropriate and compliant with security policies. This process can apply to all accounts, regardless of their current state—whether they are active or inactive.

When certifying accounts, organizations need to assess both types to maintain security and compliance effectively. Certification for inactive accounts helps identify unused or unnecessary access, which can pose security risks if not reviewed even when the accounts are not actively in use. By including inactive accounts in the certification process, businesses can take necessary actions such as revoking access to mitigate potential risks associated with accounts that have been dormant for an extended period. This comprehensive approach reinforces stronger governance practices and aligns with best practices in identity management.

Consequently, the certification process is designed to encompass both active and inactive accounts, making the option stating that both can be certified the correct one.