CompTIA Security+ (SY0-601) — Question 820
A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot throughout the global network. Which of the following would be BEST to help mitigate this concern?
Answer options
- A. Create different accounts for each region, each configured with push MFA notifications.
- B. Create one global administrator account and enforce Kerberos authentication.
- C. Create different accounts for each region, limit their logon times, and alert on risky logins.
- D. Create a guest account for each region, remember the last ten passwords, and block password reuse.
Correct answer: C
Explanation
Option C is the most effective because it combines region-specific accounts with restricted logon times and monitoring for suspicious activity, significantly reducing the risk of account compromise. Options A and D provide some level of security, but they either do not address monitoring or apply less stringent controls. Option B relies on a single global account, which increases the risk of widespread access if it is compromised.