To address the question regarding the timing for an automatic session lock due to inactivity:
1. Understanding the Requirement: The question asks if an automatic session lock should occur after a maximum of two hours of inactivity. This involves determining whether or not two hours is an appropriate and sufficient time frame for a session to lock itself automatically if no activity is detected.
2. Analyzing the Inactivity Timeout: Two hours, equivalent to 120 minutes or 7200 seconds, is quite a lengthy period of inactivity. In many security policies, especially in environments that handle sensitive information, automatic session locks are crucial to prevent unauthorized access when a user leaves their session unattended. A timeout period minimizes the risk of unauthorized access.
3. Evaluating the Answer: Considering standard practices and security protocols in place across many systems, a maximum of two hours of inactivity for an automatic session lock is indeed a reasonable measure. It aligns with typical security policies aimed at ensuring that sessions do not remain open indefinitely when not in use.
Thus, the appropriate answer to the question is:
True - An automatic session lock should occur after a maximum of two hours of inactivity.
