CompTIA Security Plus Mock Test Q699

An administrator was asked to review user accounts. Which of the following has the potential to cause the MOST amount of damage if the account was compromised?

A. A password that has not changed in 180 days
B. A single account shared by multiple users
C. A user account with administrative rights
D. An account that has not been logged into since creation


Correct Answer: C
Section: Threats and Vulnerabilities

Explanation:
A user account with administrative rights has the same rights as an administrator account on a computer.
An administrator account is a user account that lets you make changes that will affect other users. Administrators can change security settings, install software and hardware, and
access all files on the computer. Administrators can also make changes to other user accounts.
This compares to a standard user (non-administrative) account which has limited rights on a computer. For example, a standard user account cannot install software, cannot make
system changes that would affect other users and cannot access other users’ files.
Therefore, a compromised user account with administrative rights has the potential for the most damage.

Incorrect Answers:
A: The time elapsed since a password change is likely to be irrelevant if the account has been compromised. If the password had expired due to not being changed within the required
time, the attacker would not be able to log in to the account. Therefore this answer is incorrect.
B: A compromised account that is shared by multiple users would not be able to do more damage than an account that is not shared except for being able to access the data of the
multiple users if they have data stored on the computer. Therefore this answer is incorrect.
D: An account that has not been logged into since creation would not be able to do more damage than an account that has been logged into. Therefore this answer is incorrect.

References:
http://windows.microsoft.com/en-gb/windows-vista/what-is-an-administrator-account