CompTIA Security Plus Mock Test Q943

An internal auditing team would like to strengthen the password policy to support special characters. Which of the following types of password controls would achieve this goal?

A. Add reverse encryption
B. Password complexity
C. Increase password length
D. Allow single sign on

Correct Answer: B
Section: Access Control and Identity Management

Explanation:
Generally, the minimum password length is considered to be 8 upper and lowercase characters. The use of at least one non-alpha character like punctuation, special characters, or
numbers, combined with the password length produces strong passwords. Strong passwords are produced by the combination of a password’s length and complexity.

Incorrect Answers:
A: Typical protocol components, like encryption and hash functions, can be reverse-engineered automatically by tracing the execution of protocol implementations and trying to identify
buffers in memory holding unencrypted packets. It will not strengthen the password policy to support special characters.
C: Increasing the password length will not necessarily support special characters.
D: Single sign-on means that once a user (or other subject) is authenticated into a realm, they need not re-authenticate to access resources on any realm entity. It will not strengthen
the password policy to support special characters.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 284, 292, 293
http://en.wikipedia.org/wiki/Reverse_engineering