Which control is commonly applied to guest accounts to reduce risk?

Study for the User Account Management Test. Enhance your skills with flashcards and multiple choice questions, each with hints and explanations. Be prepared for success!

Multiple Choice

Which control is commonly applied to guest accounts to reduce risk?

Explanation:
Guest accounts carry higher risk because they are temporary and may come from outside the usual trust boundary. The safest approach is to limit what they can do, for how long, and under proper oversight. Restricted access ensures they can reach only the resources necessary for their task. Expiration automatically revokes access when it’s no longer needed, reducing the window of opportunity for misuse. Activity monitoring keeps a record of what they do, enabling quick detection of unusual or unauthorized actions. Sponsor approvals add accountability and ensure there’s a clear need and justification for the access. Unrestricted access with no expiration would leave the environment exposed for an indefinite period. Automatic elevation after 24 hours undermines the principle of least privilege by granting more rights than necessary. Deactivation after 5 minutes would be impractical for legitimate tasks and does not provide the required oversight or scoped access.

Guest accounts carry higher risk because they are temporary and may come from outside the usual trust boundary. The safest approach is to limit what they can do, for how long, and under proper oversight. Restricted access ensures they can reach only the resources necessary for their task. Expiration automatically revokes access when it’s no longer needed, reducing the window of opportunity for misuse. Activity monitoring keeps a record of what they do, enabling quick detection of unusual or unauthorized actions. Sponsor approvals add accountability and ensure there’s a clear need and justification for the access.

Unrestricted access with no expiration would leave the environment exposed for an indefinite period. Automatic elevation after 24 hours undermines the principle of least privilege by granting more rights than necessary. Deactivation after 5 minutes would be impractical for legitimate tasks and does not provide the required oversight or scoped access.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy