After a merger between two companies a security analyst has been asked to ensure that the organization’s
systems are secured against infiltration by any former employees that were terminated during the transition.
Which of the following actions are MOST appropriate to harden applications against infiltration by former
employees? (Choose two.)
A.
Monitor VPN client access
B.
Reduce failed login out settings
C.
Develop and implement updated access control policies
D.
Review and address invalid login attempts
E.
Increase password complexity requirements
F.
Assess and eliminate inactive accounts
Is there anybody who knows correct answer?
In many sources it is A&f, but on v.6 of set of 401 exam questons C&F presented as correct answer. Also some people in comments wrote C&F.
0
0
I doubt is A, you can’t stare and monitor VPN clients all the time. I would go with C instead of A, it’s easier to remove permissions to terminated employees.
Answer should be: C, F
5
0
Question asks to “harden applications against infiltration”.
Increasing password complexity requirements and removing/disabling unused accounts would fall under application hardening.
https://en.wikipedia.org/wiki/Hardening_(computing)
I’m leaning towards agreeing with E and F.
3
4