How must user accounts for exiting employees be handled?

A.
Disabled, regardless of the circumstances

B.
Disabled if the employee has been terminated

C.
Deleted, regardless of the circumstances

D.
Deleted if the employee has been terminated

Explanation:
You should always disable an employee’s account as soon as they leave. The employee knows the
username and password of the account and could continue to log in for potentially malicious purposes.
Disabling the account will ensure that no one can log in using that account.
Incorrect Answers:
B: You should always disable an employee’s account as soon as they leave regardless of why they are
leaving. A terminated employee might be more likely to log in for malicious purposes but should you alsodisable the accounts of employees leaving through their own choice. Disabling any unused account is
always best practice.
C: There is no need to delete the account. The employee may come back to the company or a new
employee may join the company to replace the leaving employee. In this case, you could just rename the
disabled account, change the password and re-enable the account. The new employee would then have
the same access to resources as the ex-employee.
D: There is no need to delete the account. A new employee may join the company to replace the leaving
employee. In this case, you could just rename the disabled account, change the password and re-enable
the account. The new employee would then have the same access to resources as the ex-employee.