An organization prefers to apply account permissions to groups and not individual users, but allows for exceptions that are justified. Some systems require a machine-to-machine data exchange and an associated account to perform this data exchange. One particular system has data in a folder that must be modified by another system. No user requires access to this folder; only the other system needs access to this folder.
Which of the following is the BEST account management practice?
A . Create a service account and apply the necessary permissions directly to the service account itself
B . Create a service account group, place the service account in the group, and apply the permissions on the group
C . Create a guest account and restrict the permissions to only the folder with the data.
D . Create a generic account that will only be used for accessing the folder, but disable the account until it is needed for the data exchange
E . Create a shared account that administrators can use to exchange the data but audit the shared account activity.
Answer: A
Leave a Reply