CompTIA Security Plus Mock Test Q942

After a recent internal audit, the security administrator was tasked to ensure that all credentials must be changed within 90 days, cannot be repeated, and cannot contain any dictionary words or patterns. All credentials will remain enabled regardless of the number of attempts made. Which of the following types of user account options were enforced? (Select TWO).

A. Recovery
B. User assigned privileges
C. Lockout
D. Disablement
E. Group based privileges
F. Password expiration
G. Password complexity


Correct Answer: F,G
Section: Access Control and Identity Management

Explanation:
Password complexity often requires the use of a minimum of three out of four standard character types for a password. The more characters in a password that includes some
character type complexity, the more resistant it is to password-cracking techniques. In most cases, passwords are set to expire every 90 days.

Incorrect Answers:
A: Recovery of a password requires that the password storage mechanism be reversible or that passwords be stored in multiple ways. Requiring passwords to be changed is more
secure than recovering them.
B: User assigned privileges can be assigned by the user. It will not ensure that all credentials must be changed within 90 days.
C: Account lockout settings determine the number of failed login attempts before the account gets locked and how long the account will be locked out for. The question states: “All
credentials will remain enabled regardless of the number of attempts made.”
D: Disablement automatically disables a user account or causes the account to expire at a specific time and on a specific day. It will not ensure that all credentials must be changed
within 90 days.
E: Group-based privileges grants each group member the same level of access to a certain object. It will not ensure that all credentials must be changed within 90 days.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 292-294