Human Resources suspect an employee is accessing the employee salary database. The administrator is
asked to find out who it is. In order to complete this task, which of the following is a security control that
should be in place?

A.
Shared accounts should be prohibited.

B.
Account lockout should be enabled

C.
Privileges should be assigned to groups rather than individuals

D.
Time of day restrictions should be in use

Explanation:
Since distinguishing between the actions of one person and another isn’t possible if they both use a
shared account, shared accounts should not be allowed. If shared accounts are being used, the
administrator will find the account, but have more than one suspect. To nullify this occurrence, Shared
accounts should be prohibited.
Incorrect Answers:
B: When a user repeatedly enters an incorrect password at logon, Account lockout automatically disables
their account someone attempts. Repeated incorrect logon attempts are not the issue in this instance.
C: Group-based privileges assign all members of a group a privilege or access to a resource as a collective.
Assigning privileges to groups won’t help the administrator find the suspect.
D: Time of day restrictions limits when a specific user account can log on to the network according to the
time of day. Time of day restrictions won’t help the administrator find the suspect.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 280, 293, 294