According to CEH v13 Cloud Computing, improper identity and access management (IAM) is one of the most common causes of cloud security incidents. When former employees retain access to cloud resources, it represents a failure in user lifecycle management, specifically in the de-provisioning phase.

Timely user de-provisioning ensures that when an employee leaves the organization or changes roles, all associated access rights—API keys, IAM roles, credentials, tokens, and permissions—are immediately revoked. CEH v13 emphasizes that cloud environments magnify this risk because access is often centralized and remote, meaning former employees can access systems from anywhere.

Options A, B, and C are supportive security practices but do not directly address the root cause. Multi-cloud models do not prevent unauthorized access. Traffic analysis may detect misuse after the fact but does not prevent it. Penetration testing identifies vulnerabilities but does not manage user access.

CEH v13 explicitly identifies timely de-provisioning as a critical cloud security control to prevent insider threats, privilege abuse, and compliance violations. Therefore, Option D is the correct answer.