CompTIA Security Plus Mock Test Q938

An auditing team has found that passwords do not meet best business practices. Which of the following will MOST increase the security of the passwords? (Select TWO).

A. Password Complexity
B. Password Expiration
C. Password Age
D. Password Length
E. Password History

Correct Answer: A,D
Section: Access Control and Identity Management

Explanation:
Passwords should have the strength to avoid discovery through attack, but it should also be easy enough for the user to remember. The length and complexity of a password
combined are vital factors in defining a password’s strength.

Incorrect Answers:
B, C: It is common practice for passwords to automatically expire after a specified period so as to compel users to change passwords. However, if it is a strong password, it can remain
static.
E: Password History tracks previous passwords so as to prevent password reuse.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 292, 293