An auditor’s report discovered several accounts with no activity for over 60 days. The accounts were later identified as belonging to contractors who would be returning in three months and would need to resume their activities. Which of the following would mitigate and secure the auditor’s finding?
A. Disable unnecessary contractor accounts and inform the auditor of the update.
B. Reset contractor accounts and inform the auditor of the update.
C. Inform the auditor that the accounts belong to the contractors.
D. Delete contractor accounts and inform the auditor of the update.
Explanation:
A disabled account cannot be used. It is ‘disabled’. Whenever an employee leaves a company, the employee’s user account should be disabled. The question states that the accounts belong to contractors who would be returning in three months. Therefore, it would be easier to keep the accounts rather than deleting them, which would require that the accounts be recreated in three months’ time. By disabling the accounts, we can ensure that the accounts cannot be used; in three months, when the contractors are back, we can simply re-enable the accounts.
Incorrect Answers:
B: Resetting an account is typically something you would do with a computer account rather than a user account. Resetting an account clears the security identifier associated with the account, which effectively creates a different account with the same name. This would prevent any access to resources that was granted to the original account. Disabling the accounts would be a better solution. Therefore, this answer is incorrect.
C: Informing the auditor that the accounts belong to the contractors would not prevent access to the accounts for the three months until the contractors return. This answer does not improve security and is therefore incorrect.
D: It would be easier to keep the accounts rather than deleting them, which would require that the accounts be recreated in three months’ time when the contractors return. By disabling the accounts, we can ensure that the accounts cannot be used; then in three months, when the contractors are back, we can simply re-enable the accounts. Therefore, this answer is incorrect.