CompTIA Security Plus Mock Test Q947

Which of the following should be done before resetting a user’s password due to expiration?

A. Verify the user’s domain membership.
B. Verify the user’s identity.
C. Advise the user of new policies.
D. Verify the proper group membership.


Correct Answer: B
Section: Access Control and Identity Management

Explanation:
When resetting a password, users have to establish their identity by answering a series of personal questions, using a hardware authentication token, or responding to a password notification e-mail. Users can then either specify a new, unlocked password, or ask that a randomly generated one be provided. This can be done from their workstation login prompt, or through a telephone call.

Incorrect Answers:
A, D: Domain membership and group membership depend on the user’s identity. Therefore, their identity has to be verified.
C: Advising the user of new policies will not help reset their password. Verifying their identity will, though.

References:
http://en.wikipedia.org/wiki/Self-service_password_reset