Company policy requires employees to change their passwords every 60 days. The security manager has verified all systems are configured to expire passwords after 60 days. Despite the policy and technical configuration, weekly password audits suggest that some employees have had the same weak passwords in place longer than 60 days. Which of the following password parameters is MOST likely misconfigured?
A. Minimum lifetime B. Complexity C. Length D. Maximum lifetime
The systems administrator notices that many employees are using passwords that can be easily guessed or are susceptible to brute force attacks. Which of the following would BEST mitigate this risk?
A. Enforce password rules requiring complexity. B. Shorten the maximum life of account passwords. C. Increase the minimum password length. D. Enforce account lockout policies.
Correct Answer: A Section: Access Control and Identity Management
Password complexity often requires the use of a minimum of three out of four standard character types for a password. The more characters in a password that includes some character complexity, the more resistant it is to brute force attacks.
B: Reducing the maximum life of account passwords will require passwords to be changed at the end of that period. This will not make the new passwords less susceptible to brute
C: Increasing the password length will not make the new passwords less susceptible to brute force attacks.
D: Account lockout automatically disables an account after repeated failed logon attempts. It will not make the new passwords less susceptible to brute force attacks.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 292, 293
A security administrator wants to check user password complexity. Which of the following is the BEST tool to use?
A. Password history B. Password logging C. Password cracker D. Password hashing
Correct Answer: C Section: Access Control and Identity Management
The most important countermeasure against password crackers is to use long, complex passwords, which are changed regularly. Password-cracking tools compare hashes from potential passwords with the hashes stored in the accounts database. Each potential password is hashed, and that hash value is compared with the accounts database. If a match is found, the password-cracker tool has discovered a password for a user account.
A: Password history tracks previous passwords to prevent password reuse. It does not check password complexity.
B: Password logging will not check password complexity.
D: Passwords are usually stored in a hashed format. Hashing does not check password complexity.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 292, 318