What is the DBA's recommendation regarding privileged accounts being used as service accounts?

• A. Privileged accounts are acceptable for service accounts
• B. Privileged accounts should never be used as service accounts
• C. Service accounts must always be monitored
• D. Service accounts should use temporary privileges

Answer: (B)

Using privileged accounts as service accounts is not a recommended practice because it poses significant security risks. Privileged accounts generally have elevated permissions that allow access to critical resources and sensitive information. When such privileged accounts are used as service accounts, they can become a target for attackers if the accounts are compromised. This could lead to unauthorized access to systems or data and potentially result in severe security breaches.

Service accounts are typically designed for specific applications or services rather than for individual user access. Keeping them separate from privileged accounts helps minimize risk and adheres to the principle of least privilege, which states that accounts should have only the permissions necessary to perform their required functions. By ensuring that service accounts do not carry privileged access, organizations can better control their security posture and reduce the potential impact of a compromised account.

The other options do not align with best practices surrounding the management of service accounts and privilege levels. Monitoring service accounts is important, but it does not mitigate the risks associated with using privileged accounts inappropriately, which makes that option less effective when compared to the core recommendation of maintaining a clear boundary between privileged accounts and service accounts.