CompTIA Security Plus Mock Test Q946

A security administrator is concerned about the strength of users' passwords. The company does not want to implement a password complexity policy. Which of the following can the security administrator implement to mitigate the risk of an online password attack against users with weak passwords?

A. Increase the password length requirements
B. Increase the password history
C. Shorten the password expiration period
D. Decrease the account lockout time



Correct Answer: C

Section: Access Control and Identity Management

Explanation:
Reducing the password expiration period will require passwords to be changed at the end of that period. A password needs to be changed if it doesn’t meet the compliance requirements of the company’s password policy, or is evidently insecure. It will also need to be changed if it has been reused, or due to possible compromise as a result of a system intrusion. This will give online password attackers less time to crack the weak passwords.

Incorrect Answers:
A: Increasing the password length will not make the new passwords less susceptible to online password attackers.
B: Password history tracks previous passwords to prevent password reuse. It will not make the new passwords less susceptible to online password attackers.
D: Account lockout automatically disables an account due to repeated failed logon attempts. When the account is unlocked it will still have the same weak password, and will still be susceptible to online password attacks.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 292-294