Which of the following is a BEST practice when dealing with user accounts that will only need to
be active for a limited time period?
A.
When creating the account, set the account to not remember password history.
B.
When creating the account, set an expiration date on the account.
C.
When creating the account, set a password expiration date on the account.
D.
When creating the account, set the account to have time of day restrictions.
Option B could be bad for auditing, whereas C would mean the account stays on the system (good for sec auditing) yet will not allow login past the required date.
With option “B”, user’s account will be disabled (all data is still there which is good for accounting down the road).