Final answer:
As a backup to RADIUS server authentication, it is advised to configure a local service account on network devices. This enables continued access if the RADIUS server becomes unavailable, ensuring the availability of critical network functions with a secure method of authentication that can be managed internally. The correct answer is option D. Local service account
Step-by-step explanation:
When a business is setting up new network devices and concerns arise about maintaining access amidst high personnel turnover, it's crucial to have backup authentication methods. Using a RADIUS server is a common practice for centralizing authentication for network devices. However, relying solely on remote authentication can be risky if issues with the RADIUS server or network connectivity arise. Therefore, it is advisable to configure a local service account as a backup.
The best choice for this scenario is D. Local service account. This type of account is created directly on the network devices themselves, allowing IT personnel to log in even if the RADIUS server is unreachable. A local service account should have limited privileges, enough to perform necessary functions without posing a significant security risk. These accounts should be documented, with access information securely stored and accessible by key personnel or in a secure emergency access procedure. To further enhance security, usage of these accounts should be logged and monitored regularly.
While options like Administrator/Root account or an individual administrator's user account might seem viable, these options create potential security risks and management issues. Root accounts have full control over the system and should be used sparingly due to the inherent risks. An individual administrator's user account is linked to that person and can lead to access issues upon their departure from the company.