CompTIA Security Plus Mock Test Q935

The system administrator is tasked with changing the administrator password across all 2000 computers in the organization. Which of the following should the system administrator implement to accomplish this task?

A. A security group
B. A group policy
C. Key escrow
D. Certificate revocation

Correct Answer: B
Section: Access Control and Identity Management

Explanation:
Group policy is used to manage Windows systems in a Windows network domain environment by means of a Group Policy Object (GPO). GPO’s include a number of settings related
to credentials, such as password complexity requirements, password history, password length, account lockout settings.

Incorrect Answers:
A: Active Drectory security groups are used to assign permissions to shared resources. It will not assist the system administrator in changing the administrator password across all
2000 computers in the organization.
C: Key escrow allows for copies of private keys and/or secret keys are retained securely by a centralized management system as a means of insurance or recovery in the event of a
lost or corrupted key. It will not assist the system administrator in changing the administrator password across all 2000 computers in the organization.
D: Revoking a certificate will not assist the system administrator in changing the administrator password across all 2000 computers in the organization.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 291, 319
https://technet.microsoft.com/en-us/library/dn579255.aspx