nerdexam
IBM

000-221 · Question #22

000-221 Question #22: Real Exam Question with Answer & Explanation

The correct answer is D. nuucp. Ipd, and guest. Accounts tied to legacy or optional services such as UUCP, line printing, and guest access are the safest candidates for removal under a least-privilege security policy.

Question

A new security policy dictates that unnecessary default user accounts be removed. Which default user IDs are most eligible for removal?

Options

  • Anobody and adm
  • Broot, sys and system
  • Cdaemon, Ipd, adm and guest
  • Dnuucp. Ipd, and guest

Explanation

Accounts tied to legacy or optional services such as UUCP, line printing, and guest access are the safest candidates for removal under a least-privilege security policy.

Common mistakes.

  • A. nobody is actively used by NFS and other services for unprivileged process isolation, and adm is used for system log and administrative tasks - both serve ongoing OS functions.
  • B. root, sys, and system are foundational system accounts required for normal OS operation and must not be removed.
  • C. daemon is a required system account that runs background OS processes; removing it would disrupt critical system services regardless of the security policy.

Concept tested. AIX default user account security hardening

Reference. https://www.ibm.com/docs/en/aix/7.3?topic=security-user-accounts

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 000-221 Practice