CompTIA Security Plus Mock Test Q1529

Ann, a security administrator is hardening the user password policies. She currently has the following in place.
Passwords expire every 60 days
Password length is at least eight characters
Passwords must contain at least one capital letter and one numeric character
Passwords cannot be reused until the password has been changed eight times
She learns that several employees are still using their original password after the 60-day forced change. Which of the following can she implement to BEST mitigate this?

A. Lower the password expiry time to every 30days instead of every 60 days
B. Require that the password contains at least one capital, one numeric, and one special character
C. Change the re-usage time from eight to 16 changes before a password can be repeated
D. Create a rule that users can only change their passwords once every two weeks

Correct Answer: D
Section: Mixed Questions