CompTIA Security Plus Mock Test Q983

An organizations’ security policy requires that users change passwords every 30 days. After a security audit, it was determined that users were recycling previously used passwords. Which of the following password enforcement policies would have mitigated this issue?

A. Password history
B. Password complexity
C. Password length
D. Password expiration


Correct Answer: A
Section: Access Control and Identity Management

Explanation:
Password history determines the number of previous passwords that cannot be used when a user changes his password. For example, a password history value of 5 would disallow a
user from changing his password to any of his previous 5 passwords. However, without a minimum password age setting, the user could change his password six times and cycle back
to his original password.

Incorrect Answers:
B: Password complexity determines what a password should include. For example, you could require a password to contain uppercase and lowercase letters and numbers. It will not
prevent users from changing their passwords multiple times to cycle back to their original passwords. Therefore, this answer is incorrect.
C: Password length determines the minimum number of characters your password should contain.It will not prevent users from changing their passwords multiple times to cycle back
to their original passwords. Therefore, this answer is incorrect.
D: Password expiration determines how long a password can be used for before it must be changed. Password expiration will force users to change their passwords but it will not
prevent users from changing their passwords multiple times to cycle back to their original passwords. Therefore, this answer is incorrect.

References:
https://technet.microsoft.com/en-us/library/cc757692%28v=ws.10%29.aspx#w2k3tr_sepol_accou_set_kuwh