Difficulty: Easy
Correct Answer: Correct
Explanation:
Introduction / Context:
Authentication mode in Microsoft SQL Server determines how clients prove their identity. You can enable only Windows Authentication or use Mixed Mode (Windows Authentication plus SQL logins). Security guidance typically favors Windows-only authentication because it centralizes identity and policy enforcement in the operating system and Active Directory rather than keeping another password store inside SQL Server.
Concept / Approach:
Windows Authentication uses Kerberos/NTLM, centralized password policies, account lockouts, smart cards/MFA, and group-based authorization. Mixed Mode adds SQL logins that are stored and managed inside SQL Server and are not governed by domain password policies unless that enforcement is explicitly turned on via CHECK_POLICY and related options. Fewer credential stores generally means a smaller attack surface.
Verification / Alternative check:
Review security baselines and CIS/Microsoft guidance; confirm no legacy apps require SQL logins. Where exceptions exist, mitigate with strong, rotated, and disabled-by-default SQL logins.
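The checks described above can be scripted. The following T-SQL is an added example, not part of the original answer; it runs against any SQL Server instance as a sysadmin and reports the authentication mode, the SQL logins that exist and whether domain policy is enforced on them, the state of the built-in sa login, and the login-failure audit level. The login name `app_legacy` in the remediation step is a hypothetical placeholder.

```sql
-- Added example (not from the original answer): audit the points in the
-- Verification section. Run as sysadmin in SSMS or sqlcmd.

-- 1. Authentication mode: 1 = Windows Authentication only, 0 = Mixed Mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. Every SQL login, whether it is disabled, and whether the Windows
--    password policy and password expiration are enforced on it.
--    Rows with is_policy_checked = 0 are the ones the guidance warns about.
SELECT name, is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
ORDER BY name;

-- 3. The built-in sa login is principal_id = 1; this returns a row only if
--    it is still enabled.
SELECT name AS enabled_sa_login
FROM sys.sql_logins
WHERE principal_id = 1 AND is_disabled = 0;

-- 4. Remediation for a login that must stay (hypothetical name), and for sa.
ALTER LOGIN [app_legacy] WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
ALTER LOGIN [sa] DISABLE;

-- 5. Login auditing level from the instance registry hive:
--    0 = none, 1 = successful logins, 2 = failed logins, 3 = both.
--    Failed-login auditing (2 or 3) is what the pitfalls section asks for;
--    changing it requires a service restart.
EXEC master..xp_instance_regread
    N'HKEY_LOCAL_MACHINE',
    N'Software\Microsoft\MSSQLServer\MSSQLServer',
    N'AuditLevel';
```

Step 1 is the single value that answers the question; steps 2 and 3 surface the exceptions that Mixed Mode introduces, and step 4 shows how to bring a remaining SQL login under domain password policy rather than leaving it unmanaged.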
Common Pitfalls:
Leaving the sa login enabled; weak SQL login policies; overlooking service accounts and application pools; failing to audit login failures.
Final Answer:
Correct