Sec+ Performing Account Management Based On Best – Flashcards
Unlock all answers in this set
Unlock answersquestion
A system for securely managing credentials.
answer
Credential management
question
Requires users to create passwords that meet the following requirements: * Cannot contain the user's account name or parts of the user's full name; * Minimum eight characters; * Contain characters from at least three of the following four sets: A-Z, a-z, 0-9, Non-alpha characters (!, $, #, %);
answer
Password complexity
question
Policy that requires user to regularly change their password after a specified period of time elapses. Can help limit how long a hacker can access a hacked account.
answer
Password expiration
question
Policy that prevents users from reusing previously used passwords. For the best security, set it to 24 so that 24 unique passwords must be used by any given user before they can begin to reuse them.
answer
Password history
question
Policy that prevents users from immediately changing a new password to another value. Can help prevent hackers from changing a user's password.
answer
Password minimum age
question
Allows an administrator to change the value of a user's password in the event that they forgotten theirs. This new value allows the user to log in and then immediately change it to another value that they can remember.
answer
Password Recovery
question
Occurs when a user is attempting to log in but giving incorrect values; necessary to prevent a would-be attacker from repeatedly guessing at password values until they find a match. Can be configured in the Local Security Policy or the Group Policy for a domain.
answer
Account lockout
question
When a system locks an account, the duration before the account is unlocked, ranging from 0 (must be explicitly unlocked by admin) to 99,999 minutes.
answer
Account Lockout Duration
question
This setting determines how many incorrect attempts a user can give before the account is locked. Ranges from 0 (no lockout) to 999 failed attempts.
answer
Account Lockout Threshold
question
This value specifies the number of minutes to wait between counting failed login attempts that are part of the same batch of attempts. Values range from 0 to 99,999 minutes, and must be set with Account Lockout Threshold.
answer
Reset Account Lockout Counter After
question
Avoid using shared accounts with generic or no passwords (guest accounts and anonymous accounts). Shared passwords are more difficult to secure and the accounts accessed by multiple users are difficult to audit.
answer
Generic account prohibition
question
Privileges acquired as a result of belonging to a group, includes role-based access control (RBAC).
answer
Group-based privileges
question
Privileges that can be assigned by the user, includes discretionary access control (DAC).
answer
User-assigned Privileges
question
An ongoing audit of what resources a user actually accesses, critical for stop- ping insider threats.
answer
Continuous monitoring
question
A process to determine whether a user's access level is still appropriate, closely related to the concept of least privileges.
answer
User access review
