An administrator notices that former temporary employees’ accounts are still active on a domain. Which of the following can be implemented to increase security
and prevent this from happening?
A.
Implement a password expiration policy.
B.
Implement an account expiration date for permanent employees.
C.
Implement time of day restrictions for all temporary employees.
D.
Run a last logon script to look for inactive accounts.
Explanation:
You can run a script to return a list of all accounts that haven’t been used for a number of days, for example 30 days. If an account hasn’t been logged into for 30
days, it’s a safe bet that the user the account belonged to is no longer with the company. You can then disable all the accounts that the script returns. A disabled
account cannot be used to log in to a system. This is a good security measure. As soon as an employee leaves the company, the employees account should
always be disabled.
Incorrect Answers:
A: A password expiration policy is always a good idea as it forces users to change their passwords regularly. However, an expired password does not prevent you
logging in. When you log in using an account with an expired password, you are prompted to change the password.
Therefore, this answer is incorrect.
B: Implementing an account expiration date for permanent employees is not a good idea. When the accounts expire, no one would be able to log in. Account
expiration is useful for temporary employees (where you know when they will be leaving), not permanent employees. Therefore, this answer is incorrect.
C: Time of day restrictions will restrict users to logging in at certain times of the day only (for example: during office hours). However this does not prevent people
logging in during the allowed hours. Therefore, this answer is incorrect.