PrepAway - Latest Free Exam Questions & Answers

A periodic review of user account management should NOT…

A periodic review of user account management should NOT determine:

PrepAway - Latest Free Exam Questions & Answers

A.
conformity with the concept of least privilege.

B.
whether active accounts are still being used.

C.
strength of user-chosen passwords.

D.
whether management authorizations are up-to-date.

Explanation:
Organizations should have a process for (1) requesting, establishing, issuing, and closing user accounts; (2)
tracking users and their respective access authorizations; and (3) managing these functions.
Reviews should examine the levels of access each individual has, conformity with the concept of least privilege,
whether all accounts are still active, whether management authorizations are up-to-date, whether required
training has been completed, and so forth. These reviews can be conducted on at least two levels: (1) on an
application-by-application basis, or (2) on a system wide basis.
The strength of user passwords is beyond the scope of a simple user account management review, since it
requires specific tools to try and crack the password file/database through either a dictionary or brute-force
attack in order to check the strength of passwords.
Incorrect Answers:
A: A periodic review of user account management should determine conformity with the concept of least
privilege.
B: A periodic review of user account management should determine whether active accounts are still being
used.
D: A periodic review of user account management should determine whether management authorizations are
up-to-date.


Leave a Reply