Ann was reviewing her company’s event logs and observed several instances of GUEST accessing the
company print server, file server, and archive database. As she continued to investigate, Ann noticed that
it seemed to happen at random intervals throughout the day, but mostly after the weekly automated
patching and often logging in at the same time. Which of the following would BEST mitigate this issue?

A. Enabling time of day restrictions
B. Disabling unnecessary services
C. Disabling unnecessary accounts
D. Rogue machine detection
Explanation:
User account control is a very important part of operating system hardening. It is important that only
active accounts be operational and that they be properly managed. This means disabling unnecessary
accounts.
Enabled accounts that are not needed on a system provide a door through which attackers can gain
access. You should disable all accounts that are not needed immediately—on servers and workstations
alike. Here are some types of accounts that you should disable:
Employees Who Have Left the Company: Be sure to immediately disable accounts for any employee who
has left the company. This should be done the minute employment is terminated.
Temporary Employees: It is not uncommon to create short-term accounts for brief periods of time for
access by temporary employees. These also need to be disabled the moment they are no longer needed.
Default Guest Accounts: In many operating systems, a guest account is created during installation and
intended for use by those needing only limited access and lacking their own account on the system. This
account presents a door into the system that should not be there, and all who have worked with the
operating system know of its existence, thus making it a likely target for attackers.
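The three account types above can be checked mechanically against an account inventory. The following is an added example, not part of the original explanation; the Account fields, the sample accounts other than GUEST, and the dates are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical inventory record; field names are assumptions for this example.
@dataclass
class Account:
    name: str
    enabled: bool
    kind: str                             # "employee", "temporary" or "builtin"
    owner_active: bool = True             # False once HR records the departure
    needed_until: Optional[date] = None   # last day temporary access is needed

DEFAULT_GUEST_NAMES = {"guest"}           # assumed name of the default guest account

def reason_to_disable(acct: Account, today: date) -> Optional[str]:
    """Return why an enabled account should be disabled, or None if it is fine."""
    if not acct.enabled:
        return None                       # already disabled, nothing to do
    if acct.name.lower() in DEFAULT_GUEST_NAMES:
        return "default guest account"
    if acct.kind == "employee" and not acct.owner_active:
        return "employee has left the company"
    if (acct.kind == "temporary" and acct.needed_until is not None
            and acct.needed_until < today):
        return "temporary account no longer needed"
    return None

def audit(accounts, today):
    """Map account name -> reason for every enabled account that should be disabled."""
    findings = {}
    for acct in accounts:
        reason = reason_to_disable(acct, today)
        if reason:
            findings[acct.name] = reason
    return findings

# Constructed sample inventory.
SAMPLE = [
    Account("GUEST", True, "builtin"),
    Account("asmith", True, "employee"),
    Account("bjones", True, "employee", owner_active=False),
    Account("temp-audit", True, "temporary", needed_until=date(2024, 3, 1)),
    Account("temp-intern", True, "temporary", needed_until=date(2024, 9, 30)),
    Account("old-contractor", False, "temporary", needed_until=date(2023, 1, 1)),
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE, date(2024, 6, 1)).items():
        print(f"{name}: {reason}")
```

Running the audit on a schedule, including after automated maintenance, shows whether an account that was disabled has become enabled again.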
Incorrect Answers:
A: Time of day restrictions specify when accounts can log on; for example, during office hours only. The
question states that the logins happen at random intervals ‘throughout’ the day. Time of day restrictions
will not prevent the logins during ‘authorized’ hours. Therefore, this answer is incorrect.
B: It is good practice to disable unnecessary services. However, this will not prevent the guest logins in
this question. Therefore, this answer is incorrect.
D: Rogue machine detection is the process of detecting machines that should not be on the network. This
will not prevent the guest logins in this question. Therefore, this answer is incorrect.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 57-58.