CompTIA Security Plus Mock Test Q936

A network inventory discovery application requires non-privileged access to all hosts on a network for inventory of installed applications. A service account is created by the network inventory discovery application for accessing all hosts. Which of the following is the MOST efficient method for granting the account non-privileged access to the hosts?

A. Implement Group Policy to add the account to the users group on the hosts
B. Add the account to the Domain Administrator group
C. Add the account to the Users group on the hosts
D. Implement Group Policy to add the account to the Power Users group on the hosts.


Correct Answer: A
Section: Access Control and Identity Management

Explanation:
Group Policy is an infrastructure that allows you to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects (GPOs),
which are linked to the following Active Directory directory service containers: sites, domains, or organizational units (OUs). This means that if the GPO is linked to the domain, all
Users groups in the domain will include the service account.

Incorrect Answers:
B: Adding the account to the Domain Administrator group will give the account full control of the domain. The account should have non-privileged access.
C: This is a valid course of action, but would require accessing the Users group on each individual host. The question asks for the most efficient method. Group policy is more efficient
that this option.
D: In previous versions of Windows, the Power Users group gave users specific administrator rights and permissions to perform common system tasks.The account should have nonprivileged
access.

References:
https://technet.microsoft.com/en-us/windowsserver/bb310732.aspx
https://technet.microsoft.com/en-us/library/cc756898(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/cc771990.aspx