
Exam SY0-501 topic 1 question 700 discussion

Actual exam question from CompTIA's SY0-501
Question #: 700
Topic #: 1

A company has migrated to two-factor authentication for accessing the corporate network, VPN, and SSO. Several legacy applications cannot support multifactor authentication and must continue to use usernames and passwords. Which of the following should be implemented to ensure the legacy applications are as secure as possible while ensuring functionality? (Choose two.)

  • A. Privileged accounts
  • B. Password reuse restrictions
  • C. Password complexity requirements
  • D. Password recovery
  • E. Account disablement
Suggested Answer: CE

Comments

Kudojikuto
Highly Voted 5 years, 1 month ago
Answer: B,C When a wrong password is entered X times, if the right policy is enabled, the account will be locked out for a period of time or until an admin will unlock it. When a user leaves an organization, the account is disabled, so this is not a correct answer for this case.
upvoted 11 times
hakanb
Highly Voted 4 years, 2 months ago
B, C makes more sense than B, E
upvoted 5 times
jemusu
Most Recent 4 years, 1 month ago
E, not B since Account disablement does not mean account lockout after number x of incorrect password. It means that it will disable accounts that are not being used such as Guest Account or Resigned employees etc
upvoted 1 times
fonka
4 years, 1 month ago
Disabling is preferred over deleting the account, at least initially. If administrators delete the account, they also delete any encryption and security keys associated with the account. However, these keys are retained when the account is disabled. As an example, imagine that an employee encrypted files with his account. If the account was deleted, these files may remain encrypted forever unless the organization has a key escrow or recovery agent that can access the files.
upvoted 1 times
JoaoIRB
4 years, 2 months ago
Account Disablement should be implemented when a user will be gone from a company whether they leave temporary or permanently. In the case of permanently leaving the company the account should be disabled. Disablement means that the account will no longer be an active account.
upvoted 2 times
L1singh
4 years, 4 months ago
Key words: ensure security, while ensuring functionality. The answers I will choose on the exam are B and C. Both increase security whilst maintaining functionality. Account disabling is good, but it cannot be concluded that account disabling is not the same as account lockout. It could mean disable after x incorrect attempts, or disable the account when a user leaves. No matter what the case, they both result in loss of functionality.
upvoted 1 times
nakres64
4 years, 5 months ago
B, C.. They are in the same category.
upvoted 2 times
Brian2244
4 years, 7 months ago
Account disablement doesn't ensure functionality. I'd go with B and C instead.
upvoted 2 times
maudsha
4 years, 5 months ago
but it ensures security. isn't it? As an example for system hardening, you can disable some accounts
upvoted 1 times
exiledwl
4 years, 7 months ago
Surprised more people haven't commented on this. EPSBAL is wrong when he says that account disablement is 'disable account after x-number invalid attempts'. That concept is account lockout. Account disablement is something you do for former employee accounts, unused accounts, etc., when the account is no longer needed and can pose a security risk by remaining active. I believe the correct answers are B and C.
upvoted 3 times
Iyake
4 years, 8 months ago
what is a legacy system
upvoted 2 times
exiledwl
4 years, 7 months ago
An old system that can have out of date software/OS that could potentially have exposable vulnerabilities in today's age. Something like WEP is considered legacy.
upvoted 1 times
Irv_NewJersey
4 years, 9 months ago
SSO is not available on the legacy apps so you'll need to disable the accounts on them separately when the time comes. Account disablement is not the same as account lockout.
upvoted 2 times
Not_My_Name
4 years, 10 months ago
C and E look correct to me. Password complexity is always a good thing to increase security of systems and account disablement can be used to mitigate brute force attacks. Unfortunately, B is also a good answer -- thanks for the confusion CompTIA.
upvoted 3 times
Not_My_Name
4 years, 10 months ago
My mistake - account disablement is used to disable unused accounts. This is still a good practice to harden a system, so I believe E is still correct.
upvoted 4 times
who__cares123456789___
4 years, 7 months ago
Disable the account? When they specify "insure functionality"? Hmmm... that is the best way to ensure functionality? I call BS! Now maybe you thought it said insure dis-functionality? Maybe you need to revisit the book! Just a thought! Sorry to be crass, just been at this awhile and the headache could be alleviated if people don't fire off when they don't actually know!
upvoted 2 times
Groove120
4 years, 7 months ago
Two key concepts in that passage: "secure as possible" and "ensure functionality." He addresses the former, you address the latter. And since CompTIA are tech-oriented, not English-oriented, ambiguity permeates the entire exam. This passage says "apps use" not "apps require" usernames and passwords. I'm actually reading this as they require service accounts, or a specially-configured user account. Therefore any other system account should be disabled for hardening. Both points can be argued because, as usual, the wording of the questions is so non-specific and really just piss-poor in most cases.
upvoted 2 times
babati
4 years, 11 months ago
CompTIA word play: Account lockout threshold/ duration Specify a maximum number of incorrect logon attempts within a certain period. Once the maximum number of incorrect logons has been reached, the server disables the account. This prevents hackers from trying to gain system access using lists of possible passwords. Note: Password reuse can also mean using a work password elsewhere (on a website, for instance). Obviously, this sort of behavior can only be policed by soft policies.
upvoted 2 times
deye
5 years, 2 months ago
what is Account disablement
upvoted 1 times
EPSBAL
5 years, 1 month ago
Disable account after x-number invalid attempts.
upvoted 6 times
Crimson
5 years, 1 month ago
So is this the same as password lockout?
upvoted 2 times
Teza
4 years, 11 months ago
Yes, it is
upvoted 2 times
DookyBoots
4 years, 8 months ago
No, it isn't. Account disablement is usually associated with disabling accounts such as Guest accounts. It is not the same as lockouts, which happen with too many failed password attempts.
upvoted 7 times
who__cares123456789___
4 years, 7 months ago
B and C, as EPSBAL is likely high and confrused...lol
upvoted 3 times
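Much of the thread turns on whether "account disablement" means the same thing as account lockout, and on what password reuse restrictions and complexity requirements actually do for an application that can only check a username and password. The toy account model below, added here as an illustration and not taken from any CompTIA material or from the commenters, implements all four controls side by side so the difference is concrete: complexity is checked when a password is set, reuse is checked against a history of previous password hashes, lockout is an automatic and temporary state triggered by repeated failures, and disablement is an administrative flag that stays set until an administrator clears it. The thresholds, history depth, lockout window and account name are assumptions chosen for the example.

```python
"""Toy model of per-account password controls for a legacy password-only app.

Added example, not code from CompTIA or from this thread. The numbers below
(history depth, lockout threshold, lockout window) are assumed policy values.
"""
import hashlib
import hmac
import os
import re
import time
from dataclasses import dataclass, field
from typing import List, Optional

PASSWORD_HISTORY = 5      # assumed policy: remember the last 5 password hashes
LOCKOUT_THRESHOLD = 5     # assumed policy: lock after 5 consecutive failures
LOCKOUT_SECONDS = 900     # assumed policy: 15-minute automatic lockout


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 with a per-account salt; a real deployment would tune
    # the iteration count to its hardware, but the structure is the same.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def complexity_errors(password: str) -> List[str]:
    """Return the complexity rules the password violates (empty list = passes)."""
    rules = [
        (len(password) >= 12, "at least 12 characters"),
        (re.search(r"[a-z]", password) is not None, "a lowercase letter"),
        (re.search(r"[A-Z]", password) is not None, "an uppercase letter"),
        (re.search(r"[0-9]", password) is not None, "a digit"),
        (re.search(r"[^A-Za-z0-9]", password) is not None, "a symbol"),
    ]
    return [description for ok, description in rules if not ok]


@dataclass
class Account:
    username: str
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    history: List[bytes] = field(default_factory=list)  # oldest first, current last
    failures: int = 0            # consecutive failed logins since last success
    locked_until: float = 0.0    # lockout: automatic, expires on its own
    disabled: bool = False       # disablement: administrative, never expires

    def set_password(self, new: str) -> None:
        """Apply complexity requirements and reuse restrictions before storing."""
        errors = complexity_errors(new)
        if errors:
            raise ValueError("password must contain " + ", ".join(errors))
        digest = _hash(new, self.salt)
        if any(hmac.compare_digest(digest, old) for old in self.history):
            raise ValueError(f"password reuses one of the last {PASSWORD_HISTORY}")
        self.history.append(digest)
        del self.history[:-PASSWORD_HISTORY]   # keep only the newest N hashes

    def authenticate(self, password: str, now: Optional[float] = None) -> str:
        """Return 'ok', 'bad-password', 'locked' or 'disabled'.

        The order of the checks is the point: a disabled account is refused
        before anything else, a locked account is refused until the window
        expires, and only then is the password itself compared.
        """
        now = time.time() if now is None else now
        if self.disabled:
            return "disabled"
        if now < self.locked_until:
            return "locked"
        if self.history and hmac.compare_digest(_hash(password, self.salt), self.history[-1]):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= LOCKOUT_THRESHOLD:
            self.failures = 0
            self.locked_until = now + LOCKOUT_SECONDS
            return "locked"
        return "bad-password"


if __name__ == "__main__":
    # Constructed walk-through: "legacy-svc" is a made-up account name.
    acct = Account("legacy-svc")
    acct.set_password("Correct-Horse-42")
    print(acct.authenticate("Correct-Horse-42"))   # ok
    for _ in range(LOCKOUT_THRESHOLD):
        acct.authenticate("guess")
    print(acct.authenticate("Correct-Horse-42"))   # locked, even with the right password
    acct.disabled = True
    print(acct.authenticate("Correct-Horse-42", now=time.time() + 2 * LOCKOUT_SECONDS))  # disabled
```

Passing `now` explicitly lets the lockout window be exercised without sleeping, which is also how you would unit-test such logic in a real application. The two refusal states are deliberately distinct return values so that logs and monitoring can tell a brute-force lockout (expected to clear itself) from an administratively disabled account (a login attempt against which is worth an alert).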
Community vote distribution
A (35%)
C (25%)
B (20%)
Other