CompTIA A+ Core 2 (220-1002) — Question 160
A network administrator has noticed unusual activity with a user's login credentials on the network. The user is attempting multiple simultaneous login across the network, some of which are attempting to access workstations and servers to which the user does not have access.
Which of the following should the network administrator do NEXT?
Answer options
- A. Delete the user's AD account.
- B. Decrease the user's AD privileges.
- C. Disable the user's AD account.
- D. Reset the password on the user's AD account.
Correct answer: C
Explanation
Disabling the user's AD account (option C) is the most effective immediate action to prevent further unauthorized access. While deleting the account (option A) may seem like a solution, it does not stop current access attempts. Decreasing privileges (option B) does not prevent unauthorized access, and resetting the password (option D) could be futile if the account is still active and the user can continue trying to log in.