Which of the following controls mitigates the risk of Matt, an attacker, gaining access to a company network by using a former employee’s credential?

A.
Account expiration

B.
Password complexity

C.
Account lockout

D.
Dual factor authentication

Explanation:
Account expiration is a secure feature to employ on user accounts for temporary workers, interns, or consultants. It automatically disables a user account or causes
the account to expire at a specific time and on a specific day.
Incorrect Answers:
B: Implementing password complexity would not work, as the user is a former employee and would not be there to change their password to a more complex one.
C: Account lockout automatically disables an account due to repeated failed log on attempts. Matt could get the password before reaching the log on attempt
threshold.
D: Matt could still discover both authentication factors to gain access. With the account disabled, there is no chance of that happening.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 292- 294.