2 votes
EXTRA CREDIT - 1 point!

Scenario: A small business has implemented the best way to handle the few Service Accounts they have in their AD: They use a random password generator to set Service Account passwords, have 1 Service Account per service, and policies are set so that the accounts do not expire. The current passwords are not even stored anywhere. The company rigorously documents this setup, and diligently deprovisions accounts when service configurations change.

The company has also implemented Account Monitoring, and knows when an attempt is made to use any of the Service Accounts without the correct password, indicating an attack attempt. Due to the security sensitivity of the data accessible via the Service Accounts, any attack attempt will cause the service account to be disabled and IT staff to be alerted.

Finally, the company has implemented a script that can be used to update the existing passwords -- resetting them via the only account delegated this authority: the Enterprise Root account. To ensure none of the IT staff can use the Enterprise Root account to reset a Service Account without consent, the password for the Enterprise Root account is only known to the company's CIO (Chief Information Officer), and is not stored anywhere.

Identify (1) one major problem that you can see with this setup, and describe why this is a problem. There are multiple correct answers possible for this EXTRA CREDIT question.

User Rick Burns
by
4.5k points

1 Answer

3 votes

Answer:

A small business has implemented the best CIO:-

Though the setup is well planned, there is another drawback to it, as the root password is with the company CIO. So, even in a critical situation, if the CIO is somehow unavailable, the entire business will be inactive, as users won't be able to log on to the system, since it is mentioned that the service accounts can only be reset using the ROOT account. There should be other alternatives to this failure.

User Kpup
by
4.5k points