4.4 Given a scenario, differentiate common account management practices. Flashcards
Guest Account
Should only be used on a kiosk.
Service account
An account for some equipment, like HVAC; typically admin.
Least Privilege
Giving the least amount of rights needed to do your job.
onboarding
Bringing a new person or equipment into the organization.
offboarding
A person or equipment leaving your organization.
Permission auditing or review
Twice-a-year review of accounts and permissions to verify that accounts still have the appropriate permissions. Used to combat privilege creep.
Usage Auditing and Review
Audit what the account is doing.
Designed to ensure that the account is being used in accordance with company security policies and for legitimate, work-related purposes.
Time of Day restrictions
Limits when a user can log into their accounts and access resources based on the time of day.
Standard Naming Convention
A format for naming user accounts or equipment.
Account Maintenance
Making sure all employees have the appropriate rights and permissions
Group-Based Access Control
Access control using groups that the users are placed into to allow or restrict permissions.
Credential Management
A service or software designed to store, manage and track user credentials.
Group Policy
Provides the centralized management and configuration of operating systems, applications, and users’ settings in an Active Directory environment.
Password Complexity
Refers to requiring the following in a password: password length, upper case letters, lower case letters, numbers, and special characters such as !@#$% etc.
Expiration
Refers to the maximum age of a password or account.
Disablement
Also called account expiration.
Recovery
The process of an admin getting your password back.
It's better to just change it instead of recovering it.
Lockout
Locks a user account after a set number of failed logon attempts.
Password History
Determines the number of unique passwords that must be used before an old one can be reused.
“Can’t be any of your previous 10 passwords”
Password Reuse
Using a single password on multiple separate accounts. NOT the same as history.
“You cannot use the same password here that you used in Windows”
Password Length
Determines the minimum number of characters a password can have.
“Your password must be 16 characters”
Your company has several shifts of workers. Overtime and changing shifts are prohibited due to the nature of the data requirements of the contract. To ensure that workers are able to log into the IT system only during their assigned shift, you should implement what type of control?
A. Multifactor Authentication
B. Time-of-day restrictions
C. Location Restrictions
D. Account lockout
B. Time-of-day restrictions
You are installing a new network service application. The application requires a variety of permissions on several resources and even a few advanced user rights in order to operate properly. Which type of account should be created for this application to operate under?
A. Service
B. User
C. Privileged
D. Generic
A. Service
Which of the following is a recommended basis for reliable password complexity?
A. Require that each administrator have a normal user account in addition to a privileged account.
B. Allow for a maximum of three failed logon attempts before locking the account.
C. Require that a password have 16 characters and be changed regularly.
D. Minimum of eight characters; include representations of at least three of the four character types.
D. Minimum of eight characters; include representations of at least three of the four character types.