PrepAway - Latest Free Exam Questions & Answers

What should you do?

You have an enterprise subordinate certification authority (CA).
The CA issues smart card logon certificates.
Users are required to log on to the domain by using a smart card.
Your company’s corporate security policy states that when an employee resigns, his ability to log on to
the network must be immediately revoked.
An employee resigns.
You need to immediately prevent the employee from logging on to the domain.
What should you do?


A. Revoke the employee’s smart card certificate.

B. Disable the employee’s Active Directory account.

C. Publish a new delta certificate revocation list (CRL).

D. Reset the password for the employee’s Active Directory account.

Explanation:
http://blog.imanami.com/blog/bid/68864/Delete-or-disable-an-Active-Directory-account-One-best-practice
Delete or disable an Active Directory account? One best practice.
I was recently talking to a customer about the best practice for deprovisioning a terminated employee in Active
Directory. Delete or disable? Microsoft doesn’t give the clearest direction on this but common sense does.
The case for deleting an account is that, BOOM, no more access. No ifs ands or buts, if there is no account it
cannot do anything. The case for disabling an account is that all of the SIDs are still attached to the account
and you can bring it back and get the same access right away.
..
And then the reason for MSFT’s lack of direction came into play. Individual needs of the customer. This
particular customer is a public school system and they often lay off an employee and have to re-hire them the
next month or semester. They need that account back.

