ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-501 All Questions

View all questions & answers for the SY0-501 exam
Go to Exam

Exam SY0-501 topic 1 question 930 discussion

Actual exam question from CompTIA's SY0-501
Question #: 930
Topic #: 1
[All SY0-501 Questions]

A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot throughout the global network. Which of the following would be BEST to help mitigate this concern?

  • A. Create different accounts for each region, each configured with push MFA notifications.
  • B. Create one global administrator account and enforce Kerberos authentication.
  • C. Create different accounts for each region, limit their logon times, and alert on risky logins.
  • D. Create a guest account for each region, remember the last ten passwords, and block password reuse.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by HOTTUB at Jan. 13, 2021, 8:10 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SophyQueenCR82
2 years, 1 month ago
A is the answer
upvoted 1 times
SophyQueenCR82
2 years, 1 month ago
sorry no C. Create different accounts for each region, limit their logon times, and alert on risky logins would be the BEST option to help mitigate the concern of hackers gaining access to the service account and pivoting through the global network. This approach would limit the impact of compromised credentials by providing unique accounts for each region with limited logon times and monitoring for any risky logins. Push MFA notifications (option A) could also be used, but it would not mitigate the risk of pivoting through the network. Enforcing Kerberos authentication (option B) and creating a guest account with password reuse blocking (option D) do not address the concern of privileged access and potential pivoting.
upvoted 1 times
...
...
Nome02
2 years, 5 months ago
A is not possible for any kind of scheduling coz service account is needed. C is the best choice and that can be configured for time based login with alerting on risky logons.
upvoted 1 times
...
ABYH
2 years, 5 months ago
Selected Answer: C
https://www.crowdstrike.com/blog/service-accounts-performing-interactive-logins/
upvoted 1 times
...
Mdrzaic
2 years, 7 months ago
Selected Answer: C
Answer is C. Service accounts are non-human privileged accounts used by applications and they cannot be protected by MFA.
upvoted 1 times
...
Mdrzaic
2 years, 7 months ago
A nswer is C. Service accounts are non-human privileged accounts used by applications and they cannot be protected by MFA.
upvoted 1 times
...
smitho
3 years, 5 months ago
A is the answer
upvoted 1 times
...
simo77
4 years ago
but there is a concern that hackers could gain access to the account and pivot throughout the global network MFA provide more security i go with A
upvoted 1 times
...
Funkydave
4 years ago
A. best answer B. no C. if the account was compromised, you can still login during specific times and it will only alert, which means too late. D.
upvoted 4 times
...
leesuh
4 years, 1 month ago
I say C but I'm hoping more responses can clearly explain why A would be correct
upvoted 1 times
leesuh
4 years, 1 month ago
Okay, I think I got it. So C sounds like simply Detection of an attack rather than actual mitigation. MFA (multifactor authentication)would take it a step further in mitigating attacker from gaining access into the network.
upvoted 1 times
...
whitehathehe
3 years, 11 months ago
"limit the logon times" what if the genuinely need to access the account due to emergency and because of this they wont be able to access the account. Could lead to dos
upvoted 3 times
...
...
Cindan
4 years, 1 month ago
Answer C is better than push notification. idk I am correct. It's just my thought
upvoted 2 times
...
Joker20
4 years, 3 months ago
MFA notifications , so Answer closer to Be A
upvoted 3 times
bobthebuilder55110
4 years, 3 months ago
I agree MFA is needed so, A , there is nothing wrong with c but a is better answer
upvoted 3 times
...
...
HOTTUB
4 years, 3 months ago
A friend of mine told me it should be C what are your opinions guys share ?
upvoted 4 times
Mohawk
4 years ago
Change a friend!!
upvoted 11 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago