Ann was reviewing her company’s event logs and observed several instances of GUEST accessing the
company print server, file server, and archive database. As she continued to investigate, Ann noticed that it
seemed to happen at random intervals throughout the day, but mostly after the weekly automated patching and
often logging in at the same time. Which of the following would BEST mitigate this issue?
Enabling time of day restrictions
Disabling unnecessary services
Disabling unnecessary accounts
Rogue machine detection
User account control is a very important part of operating system hardening. It is important that only active
accounts be operational and that they be properly managed. This means disabling unnecessary accounts.
Enabled accounts that are not needed on a system provide a door through which attackers can gain access.
You should disable all accounts that are not needed immediately—on servers and workstations alike. Here are
some types of accounts that you should disable:
Employees Who Have Left the Company: Be sure to disable immediately accounts for any employee who has
left the company. This should be done the minute employment is terminated.
Temporary Employees: It is not uncommon to create short-term accounts for brief periods of time for access by
temporary employees. These also need to be disabled the moment they are no longer needed.
Default Guest Accounts: In many operating systems, a guest account is created during installation and intended
for use by those needing only limited access and lacking their own account on the system. This account
presents a door into the system that should not be there, and all who have worked with the operating system
knows of its existence, thus making it a likely target for attackers.