QS0029-03: Password Control Policy Flashcards
QS0029-02: Password Control Policy
Describe the meaning of “User-level account.”
Accounts created for use by individuals who will be accessing assets.
QS0029-02: Password Control Policy
How is the “Service Account” defined?
An account that provides a security context for services, especially automated services, e.g., an account that runs a Windows task, service, or cron job, or is used to auto-pull from Git or Docker.
QS0029-02: Password Control Policy
How often should passwords for sensitive systems be changed?
Passwords must be changed at least every three months.
QS0029-02: Password Control Policy
What is NOT a best practice for password policy (summarize)?
Revealing or providing hints about your password to anyone, at any time, ever.
Using the “Remember Password” feature of applications (e.g., Chrome, Bing, Outlook).
Storing passwords outside of the password vault - this includes paper.
QS0029-02: Password Control Policy
What should passwords not contain?
Personal information, names of family, and birthdate.
QS0029-02: Password Control Policy
What action must you consider if an account or password compromise is suspected?
Report the incident to DevOps and change all passwords.
QS0029-02: Password Control Policy
Where should passwords be stored?
In the company password vault.