CompTIA Security Plus Mock Test Q1598

A system administrator must configure the company’s authentication system to ensure that users will be unable to reuse the last ten passwords within a six-month period. Which of the following settings must be configured? (Select Two)

A. Minimum password age
B. Password complexity
C. Password history
D. Minimum password length
E. Multi-factor authentication
F. Do not store passwords with reversible encryption

Correct Answer: A,C
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1576

A recent review of accounts on various systems has found that after employees’ passwords are required to change, they are recycling the same password as before. Which of the following policies should be enforced to prevent this from happening? (Select TWO)

A. Reverse encryption
B. Minimum password age
C. Password complexity
D. Account lockouts
E. Password history
F. Password expiration

Correct Answer: B,E
Section: Mixed Questions

CompTIA Security Plus Mock Test Q983

An organization’s security policy requires that users change passwords every 30 days. After a security audit, it was determined that users were recycling previously used passwords. Which of the following password enforcement policies would have mitigated this issue?

A. Password history
B. Password complexity
C. Password length
D. Password expiration

Correct Answer: A
Section: Access Control and Identity Management

Explanation:
Password history determines the number of previous passwords that cannot be used when a user changes his password. For example, a password history value of 5 would disallow a user from changing his password to any of his previous 5 passwords. However, without a minimum password age setting, the user could change his password six times and cycle back to his original password.

Incorrect Answers:
B: Password complexity determines what a password should include. For example, you could require a password to contain uppercase and lowercase letters and numbers. It will not prevent users from changing their passwords multiple times to cycle back to their original passwords. Therefore, this answer is incorrect.
C: Password length determines the minimum number of characters your password should contain. It will not prevent users from changing their passwords multiple times to cycle back to their original passwords. Therefore, this answer is incorrect.
D: Password expiration determines how long a password can be used for before it must be changed. Password expiration will force users to change their passwords, but it will not prevent users from changing their passwords multiple times to cycle back to their original passwords. Therefore, this answer is incorrect.

References:
https://technet.microsoft.com/en-us/library/cc757692%28v=ws.10%29.aspx#w2k3tr_sepol_accou_set_kuwh

CompTIA Security Plus Mock Test Q982

A recent review of accounts on various systems has found that after employees’ passwords are required to change, they are recycling the same password as before. Which of the following policies should be enforced to prevent this from happening? (Select TWO).

A. Reverse encryption
B. Minimum password age
C. Password complexity
D. Account lockouts
E. Password history
F. Password expiration

Correct Answer: B,E
Section: Access Control and Identity Management

Explanation:
E: Password history determines the number of previous passwords that cannot be used when a user changes his password. For example, a password history value of 5 would disallow a user from changing his password to any of his previous 5 passwords.
B: When a user is forced to change his password due to a maximum password age period expiring, he could change his password to a previously used password. Or, if a password history value of 5 is configured, the user could change his password six times to cycle back round to his original password. This is where the minimum password age comes in. This is the period that a password must be used for. For example, a minimum password age of 30 would determine that when a user changes his password, he must continue to use the same password for at least 30 days.

Incorrect Answers:
A: Storing encrypted passwords in a way that is reversible means that the encrypted passwords can be decrypted. This will not prevent users from changing their passwords multiple times to cycle back to their original passwords. Therefore, this answer is incorrect.
C: Password complexity determines what a password should include. For example, you could require a password to contain uppercase and lowercase letters and numbers. It will not prevent users from changing their passwords multiple times to cycle back to their original passwords. Therefore, this answer is incorrect.
D: Account lockout settings determine the number of failed login attempts before the account gets locked and how long the account will be locked out for. Account lockout settings will not prevent users from changing their passwords multiple times to cycle back to their original passwords. Therefore, this answer is incorrect.
F: Password expiration determines how long a password can be used for before it must be changed. Password expiration will force users to change their passwords, but it will not prevent users from changing their passwords multiple times to cycle back to their original passwords. Therefore, this answer is incorrect.

References:
https://technet.microsoft.com/en-us/library/cc757692%28v=ws.10%29.aspx#w2k3tr_sepol_accou_set_kuwh
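The interplay the explanations above describe (password history alone lets a user cycle back in history + 1 changes; minimum password age slows that cycle down) as an added worked model, not code from the mock test or from any real directory product. The `PasswordPolicy` class, the user name and the sample passwords and dates are constructed for illustration:

```python
import hashlib
import os
from datetime import datetime, timedelta


class PasswordPolicy:
    """Toy model of the two account settings the questions pair together.
    history_size: number of previous passwords that cannot be reused.
    min_age_days: days a new password must be kept before it can be changed.
    """

    def __init__(self, history_size, min_age_days):
        self.history_size = history_size
        self.min_age_days = min_age_days
        self.accounts = {}  # user -> {"salt", "history", "changed_at"}

    @staticmethod
    def _hash(salt, password):
        # The history keeps one-way hashes, never the passwords themselves.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def set_initial(self, user, password, now):
        salt = os.urandom(16)
        self.accounts[user] = {"salt": salt, "history": [self._hash(salt, password)], "changed_at": now}

    def change_password(self, user, new_password, now):
        """Return 'ok', or the name of the control that rejected the change."""
        acct = self.accounts[user]
        if now - acct["changed_at"] < timedelta(days=self.min_age_days):
            return "minimum password age"
        recent = acct["history"][-self.history_size:] if self.history_size else []
        digest = self._hash(acct["salt"], new_password)
        if digest in recent:
            return "password history"
        acct["history"].append(digest)
        acct["changed_at"] = now
        return "ok"


def cycle_back(history_size, min_age_days, wait_days):
    """A user changes the password history_size times (waiting wait_days between
    changes) and then tries the original again. Returns (accepted, days elapsed)."""
    policy = PasswordPolicy(history_size, min_age_days)
    start = datetime(2024, 1, 1)  # constructed sample date
    original = "Original-Pa55!"
    policy.set_initial("alice", original, start)
    now, step = start, timedelta(days=wait_days, minutes=1)
    for i in range(history_size):
        now += step
        if policy.change_password("alice", f"Throwaway-{i}", now) != "ok":
            return False, (now - start).days
    now += step
    return policy.change_password("alice", original, now) == "ok", (now - start).days
```

With history 5 and no minimum age the original is accepted again within minutes; with history 10 and a minimum age of 18 days the fastest cycle back takes 198 days, which is how the Q1598 requirement (no reuse of the last ten passwords within six months) is met.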

CompTIA Security Plus Mock Test Q961

An administrator discovers that many users have used their same passwords for years even though the network requires that the passwords be changed every six weeks. Which of the following, when used together, would BEST prevent users from reusing their existing password? (Select TWO).

A. Length of password
B. Password history
C. Minimum password age
D. Password expiration
E. Password complexity
F. Non-dictionary words

Correct Answer: B,C
Section: Access Control and Identity Management

Explanation:
In this question, users are forced to change their passwords every six weeks. However, they are able to change their password and enter the same password as the new password.
Password history determines the number of previous passwords that cannot be used when a user changes his password. For example, a password history value of 5 would disallow a user from changing his password to any of his previous 5 passwords.
When a user is forced to change his password due to a maximum password age period expiring (the question states that the network requires that the passwords be changed every six weeks), he could change his password to a previously used password. Or, if a password history value of 5 is configured, the user could change his password six times to cycle back round to his original password. This is where the minimum password age comes in. This is the period that a password must be used for. For example, a minimum password age of 30 would determine that when a user changes his password, he must continue to use the same password for at least 30 days.

Incorrect Answers:
A: The length of password determines how many characters a password must contain. It will not prevent users from changing their passwords multiple times to cycle back to their original passwords.
D: Password expiration determines how long a password can be used for before it must be changed. In this question, the password expiration is 6 weeks. Password expiration will force users to change their passwords, but it will not prevent users from changing their passwords multiple times to cycle back to their original passwords.
E: Password complexity determines what a password should include. For example, you could require a password to contain uppercase and lowercase letters and numbers. It will not prevent users from changing their passwords multiple times to cycle back to their original passwords.
F: Non-dictionary words is a setting that determines that a password should not be a word that can be found in a dictionary. This is to prevent a “dictionary attack”, where software can be used to attempt to access a system by using the words of a dictionary as the password. It does not prevent users from reusing a previous password.

References:
https://technet.microsoft.com/en-us/library/cc757692%28v=ws.10%29.aspx#w2k3tr_sepol_accou_set_kuwh

CompTIA Security Plus Mock Test Q959

A recent audit has discovered that at the time of password expiration clients are able to recycle the previous credentials for authentication. Which of the following controls should be used together to prevent this from occurring? (Select TWO).

A. Password age
B. Password hashing
C. Password complexity
D. Password history
E. Password length

Correct Answer: A,D
Section: Access Control and Identity Management

Explanation:
D: Password history determines the number of previous passwords that cannot be used when a user changes his password. For example, a password history value of 5 would disallow a user from changing his password to any of his previous 5 passwords.
A: When a user is forced to change his password due to a maximum password age period expiring, he could change his password to a previously used password. Or, if a password history value of 5 is configured, the user could change his password six times to cycle back round to his original password. This is where the minimum password age comes in. This is the period that a password must be used for. For example, a minimum password age of 30 would determine that when a user changes his password, he must continue to use the same password for at least 30 days.

Incorrect Answers:
B: Hashing is a one-way function that creates a fixed-length output from an input of any length. It protects stored passwords but does not prevent a user from reusing a previous password.
C, E: Password complexity combined with password length helps produce strong passwords, but those passwords can still be recycled if password age and password history are not configured.

References:
https://technet.microsoft.com/en-us/library/cc757692%28v=ws.10%29.aspx#w2k3tr_sepol_accou_set_kuwh
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 292, 293, 315