CompTIA Security+ (SY0-501) — Question 564
A systems administrator is installing and configuring an application service that requires access to read and write to log and configuration files on a local hard disk partition. The service must run as an account with authorization to interact with the file system. Which of the following would reduce the attack surface added by the service and account? (Choose two.)
Answer options
- A. Use a unique managed service account.
- B. Utilize a generic password for authenticating.
- C. Enable and review account audit logs.
- D. Enforce least possible privileges for the account.
- E. Add the account to the local administrators group.
- F. Use a guest account placed in a non-privileged users group.
Correct answer: A, D
Explanation
Using a unique managed service account (A) gives the service a dedicated identity with specific permissions, reducing the risk of credential theft or misuse. Enforcing least privilege (D) means granting only the necessary permissions, further limiting potential exposure to attacks. The other options either increase risk or do not effectively mitigate security vulnerabilities.