CompTIA Security Plus Mock Test Q964

A security administrator is reviewing the below output from a password auditing tool:
Which of the following additional policies should be implemented based on the tool’s output?

A. Password age
B. Password history
C. Password length
D. Password complexity

Correct Answer: C
Section: Access Control and Identity Management

The output shows that all the passwords are either 4 or 5 characters long. This is way too short, 8 characters are shown to be the minimum for password length.

Incorrect Answers:
A: The output does not show how long the passwords have been in use.
B: The output does not show the password history.
D: The output shows that the password is indeed making use of complexity when it comes to the types of characters used.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 139-140