4.4 Given a scenario, differentiate common account management practices.

Question 1

Guest Account

Answer 1

only should use them on a kiosk

Question 2

Service account

Answer 2

an account for some equipment like HVAC typically admin

Question 3

Least Privilege

Answer 3

giving the least amount of rights to do your job.

Question 4

onboarding

Answer 4

bring a new person or equipment into the organization

Question 5

offboarding

Answer 5

a person or equipment leaving your organization.

Question 6

Permission auditing or review

Answer 6

twice a year review of accounts and permissions to verify accounts still have the appropriate permissions. used to combat privilege creep.

Question 7

Usage Auditing and Review

Answer 7

audit what the account is doing.
designed to ensure that the account is being used in accordance with company security policies and being used for legitimate, work-related purposes.

Question 8

TIme of Day restrictions

Answer 8

Limits when a user can log into their accounts and access resources based on the time of day,

Question 9

Standard Naming Convention

Answer 9

A format for naming users accounts or equipment names

Question 10

Account Maintenance

Answer 10

Making sure all employees have the appropriate rights and permissions

Question 11

Group-Based Access Control

Answer 11

access control using groups that the users are placed into to allow or restrict permissions.

Question 12

Credential Management

Answer 12

A Service or software designed to store, manage and track user credentials.

Question 13

Group Policy

Answer 13

provides the centralized management and configuration of operating systems, applications, and users’ settings in an Active Directory environment.

Question 14

Password Complexity

Answer 14

Refers to requiring the following in a password;
– Password Length
– Upper case letters
– Lower case letters
– Numbers
– Special characters such as !@#$% etc

Question 15

Expiration

Answer 15

Refers to the maximum age of a password or account

Question 16

Disablement

Answer 16

also called account expiration

Question 17

Recovery

Answer 17

process of admin getting your password back

Its better to just change it instead recovering

Question 18

Lockout

Answer 18

Locks a user account after a set number of failed logon attempts.

Question 19

Password History

Answer 19

Determines the number of unique passwords that must be used before an old one can be reused.
“Can’t be any of your previous 10 passwords”

Question 20

Password Reuse

Answer 20

Using a single password on multiple separate accounts. NOT the same as history
“You cannot use the same password here that you used in windows”

Question 21

Password Length

Answer 21

Determines the minimum number of characters a password can have.
“your password must be 16 charactors”

Question 22

Your company has several shifts of workers. Overtime and changing shifts is prohibited due to the nature of the data requirements of the contract. To ensure that workers are able to log into the IT system only during their assigned shift, you should implement what type of control?

A. Multifactor Authentication
B. Time-of-day restrictions
C. Location Restrictions
D. Account lockout

Answer 22

B. Time-of-day restrictions

Question 23

You are installing a new network service application. The application requires a variety of permissions on several resources and even a few advanced user rights in order to operate properly. Which type of account should be created for this application to operate under?

A. Service
B. User
C. Privileged
D. Generic

Answer 23

A. Service

Question 24

Which of the following is a recommended basis for reliable password complexity?

A. Require that each administrator have a normal user account in additions to a privileged account.
B. Allow for maximum of three failed log on attempts before locking the account.
C. Require that a password have 16 characters and be changed regularly.
D. Minimum of eight characters; include representations of at least three of the four character types.

Answer 24

D. Minimum of eight characters; include representations of at least three of the four character types.