How would you detect and respond to a compromised user account?


Multiple Choice

How would you detect and respond to a compromised user account?

Explanation:
Detecting and responding to a compromised account hinges on spotting signs of misuse and acting quickly to limit damage. The strongest approach looks for indicators such as unusual sign-in patterns, unexpected MFA prompts, or changes in devices or locations, because these are common clues that someone other than the legitimate user is trying to access the account. When something suspicious is found, you contain the incident by isolating the account to stop further access, resetting credentials to invalidate stolen passwords, revoking active sessions or tokens to cut off any access the attacker may still hold, and reviewing logs to understand what happened and what else might be affected. This combination of proactive detection and targeted containment minimizes dwell time and reduces the impact on the organization.

Disabling all accounts globally is impractical and disruptive, not a targeted response. Simply increasing password length, without revoking active sessions or otherwise cutting off the attacker's access, neither detects nor contains a compromise. Ignoring logs leaves you blind to the scope and nature of the incident, making it impossible to respond effectively.
