Question

A recent security audit discovered several apparently dormant user accounts. Although users could log on to the accounts, no one had logged on to them for more than 60 days. You later discovered that these accounts are for contractors who work approximately one week every quarter. What is the BEST response to this situation?

Answer 1

To manage dormant user accounts for quarterly contractors, set up a process to activate and deactivate accounts based on work schedules and regularly review account activities.

Step-by-step explanation:

The best response to the situation where dormant user accounts belonging to quarterly contractors have been found during a security audit is to manage these accounts with a more flexible policy that reflects their intermittent usage pattern while keeping security in mind. Consider setting up a process to activate and deactivate these accounts based on when the contractors are scheduled to work. Furthermore, it might be wise to implement a procedure for the periodic review of such accounts to ensure that they are enabled only when needed and properly monitored for any suspicious activities. This helps maintain security without hindering the workflow of legitimate users.