Ann was reviewing her company’s event logs and observed several instances of GUEST
accessing the company print server, file server, and archive database. As she continued to
investigate, Ann noticed that it seemed to happen at random intervals throughout the day, but
mostly after the weekly automated patching and often logging in at the same time. Which of the
following would BEST mitigate this issue?

A.
Enabling time of day restrictions

B.
Disabling unnecessary services

C.
Disabling unnecessary accounts

D.
Rogue machine detection

Explanation:
User account control is a very important part of operating system hardening. It is important that
only active accounts be operational and that they be properly managed. This means disabling
unnecessary accounts.
Enabled accounts that are not needed on a system provide a door through which attackers can
gain access. You should disable all accounts that are not needed immediately—on servers and
workstations alike. Here are some types of accounts that you should disable:
Employees Who Have Left the Company: Be sure to disable immediately accounts for any
employee who has left the company. This should be done the minute employment is terminated.
Temporary Employees: It is not uncommon to create short-term accounts for brief periods of time
for access by temporary employees. These also need to be disabled the moment they are no
longer needed.
Default Guest Accounts: In many operating systems, a guest account is created during installation
and intended for use by those needing only limited access and lacking their own account on the
system. This account presents a door into the system that should not be there, and all who have
worked with the operating system knows of its existence, thus making it a likely target for
attackers.