Sec+ Performing Account Management Based On Best – Flashcards
15 test answers
question
Policy that prevents users from immediately changing a new password to another value. Can help prevent hackers from changing a user's password.
answer
Password minimum age
question
Allows an administrator to change the value of a user's password in the event that they have forgotten theirs. This new value allows the user to log in and then immediately change it to another value that they can remember.
answer
Password Recovery
question
Occurs when a user is attempting to log in but giving incorrect values; necessary to prevent a would-be attacker from repeatedly guessing at password values until they find a match. Can be configured in the Local Security Policy or the Group Policy for a domain.
answer
Account lockout
question
When a system locks an account, the duration before the account is unlocked, ranging from 0 (must be explicitly unlocked by admin) to 99,999 minutes.
answer
Account Lockout Duration
question
This setting determines how many incorrect attempts a user can give before the account is locked. Ranges from 0 (no lockout) to 999 failed attempts.
answer
Account Lockout Threshold
question
This value specifies the number of minutes to wait between counting failed login attempts that are part of the same batch of attempts. Values range from 0 to 99,999 minutes, and must be set with Account Lockout Threshold.
answer
Reset Account Lockout Counter After
question
Avoid using shared accounts with generic or no passwords (guest accounts and anonymous accounts). Shared passwords are more difficult to secure and the accounts accessed by multiple users are difficult to audit.
answer
Generic account prohibition
question
Privileges acquired as a result of belonging to a group, includes role-based access control (RBAC).
answer
Group-based privileges
question
Privileges that can be assigned by the user, includes discretionary access control (DAC).
answer
User-assigned Privileges
question
An ongoing audit of what resources a user actually accesses, critical for stopping insider threats.
answer
Continuous monitoring
question
A process to determine whether a user's access level is still appropriate, closely related to the concept of least privileges.
answer
User access review