CompTIA Security+ (SY0-501) — Question 700
A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot throughout the global network. Which of the following would be BEST to help mitigate this concern?
Answer options
- A. Create different accounts for each region, each configured with push MFA notifications.
- B. Create one global administrator account and enforce Kerberos authentication.
- C. Create different accounts for each region, limit their logon times, and alert on risky logins.
- D. Create a guest account for each region, remember the last ten passwords, and block password reuse.
Correct answer: A
Explanation
Option A is the best choice: creating a different account for each region, each configured with push MFA notifications, adds a layer of security that makes it harder for attackers to access the accounts. Option B is less effective because a single global administrator account poses a higher risk of compromise. Option C limits logon times and alerts on risky logins, but it still does not provide the same level of proactive security as option A. Option D is inadequate because guest accounts generally have limited permissions and may not be appropriate for administrative tasks.