CompTIA Security Plus Mock Test Q953

ABC company has a lot of contractors working for them. The provisioning team does not always get notified that a contractor has left the company. Which of the following policies would prevent contractors from having access to systems in the event a contractor has left?

A. Annual account review
B. Account expiration policy
C. Account lockout policy
D. Account disablement


Correct Answer: B
Section: Access Control and Identity Management

Explanation:
Account expiration is a secure feature to employ on user accounts for temporary workers, interns, or consultants. It automatically disables a user account or causes the account to
expire at a specific time and on a specific day.

Incorrect Answers:
A: An account review would conclude if users have been suitably completing their work tasks or whether there have been failed and/or successful attempts at violating company
policies or the law. It would not prevent contractors from having access to systems in the event a contractor has left.
C: Account lockout automatically disables an account due to repeated failed log on attempts. It would not prevent contractors from having access to systems in the event a contractor
has left.
D: The question states: “The provisioning team does not always get notified that a contractor has left the company”. Therefore, disabling an account needs to happen automatically.
The account expiration policy meets the requirements.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 292-294.