During an audit, the security administrator discovers that there are several users that are no longer employed with the company but still have active user accounts.
Which of the following should be performed?
A.
Account recovery
B.
Account disablement
C.
Account lockouts
D.
Account expiration
Explanation:
Account Disablement should be implemented when a user will be gone from a company whether they leave temporary or permanently. In the case of permanently
leaving the company the account should be disabled. Disablement means that the account will no longer be an active account.
Incorrect Answers:
A: Account recovery is usually done in cases where users have forgotten their password which they use to access their accounts. In this case the users have left
the employment of the company.
C: The need to lock an account occurs when a user is attempting to log in but giving incorrect values; locking this account is necessary to prevent a would-be
attacker from repeatedly guessing at password values until they find a match.D: Account expiration is implemented when you want to force users to change their password to access their accounts on a regular basis.
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 140, 141.