4: 4 Account Management

Question 1

Accounts Management

Answer 1

Implement least privilege, separation of duty,, job rotation, and account lifecycle

Question 2

Principle of least privilege

Answer 2

Minimum necessary permissions to perform duties

Question 3

Separation of Duties

Answer 3

Sensitive functions should require action by two separate users

Question 4

Job Rotation

Answer 4

Regularly move people between jobs to prevent fraud

Question 5

Mandatory Vacation

Answer 5

Enforce periods of time when employee has no access to system, to ensure some frauds can come to light

Question 6

Account Management Lifecycle

Answer 6

Provisioning new user access + entitlements, modifying entitlements when needed, reviewing access when needed, removing access, and deprovisioning.

Question 7

User Account

Answer 7

Standard permissions and standard monitoring

Question 8

Privileged accounts

Answer 8

Have administrative rights, require strong controls including logging every action

Question 9

Guest accounts

Answer 9

Has limited permissions and temporary lifetimes

Question 10

Shared accounts

Answer 10

Reduces accountability, should not be used.

Question 11

Service Accounts

Answer 11

Provides access for internal server process, password shouldn’t be known by anyone.

Question 12

GPO

Answer 12

Group Policy Object - applies configuration settings to users and computers

Question 13

Password policy

Answer 13

Using requirements to ensure passwords are resistant to attacks - length requirements, different character types, password history/reuse requirements

Question 14

Lockout Policy

Answer 14

Locks out accounts after a number of incorrect login accounts

Question 15

Password recovery methods

Answer 15

Allows users to reset passwords on self-service basis, to alleviate burden on help-desks.

Question 16

Inaccurate Permissions

Answer 16

Block work capabilities or violates least privilege

Question 17

How do you protect against inaccurate permissions?

Answer 17

User Account Audit - pull list of permissions and review with managers, then make necessary adjustments

Question 18

How do you protect against unauthorized use?

Answer 18

Use continuous account monitoring systems that watch for suspicious activities (impossible travel time logins, unusual network location logins, deviations in behavior/amount of data sent)

Question 19

Geotagging

Answer 19

Tags logs with user location

Question 20

Geofencing

Answer 20

Alerts administrators to devices leaving defined boundaries

Question 21

Password Vaulting

Answer 21

Stores administrative passwords, so nobody knows the actual passwords of the privileged account

Question 22

Command Proxying

Answer 22

Eliminates the need for direct server access by sending commands that are validated for authority

Question 23

Emergency Access Workflow

Answer 23

When a user needing to bypass the privileged account manager, requiring approval, logging access and changing password afterword.

Question 24

Provisioning

Answer 24

After onboarding an individual, creating authentication credentials and providing appropriate authorizations.

Question 25

Deprovisioning

Answer 25

Remove credentials and authorizations at the appropriate time.

Question 26

Routine Workflow

Answer 26

Disables accounts on scheduled basis for planned departures