PrepAway - Latest Free Exam Questions & Answers

To ensure compliance with a security policy requiring that passwords be a combination of letters and numbers,

To ensure compliance with a security policy requiring that passwords be a combination of letters
and numbers, an IS auditor should recommend that:

PrepAway - Latest Free Exam Questions & Answers

A.
the company policy be changed.

B.
passwords are periodically changed.

C.
an automated password management tool be used.

D.
security awareness training is delivered.

Explanation:

The use of an automated password management tool is a preventive control measure. The
software would prevent repetition (semantic) and would enforce syntactic rules, thus making the
passwords robust. It would also provide a method for ensuring frequent changes and would
prevent the same user from reusing their old password for a designated period of time. Choices A,
B and D do not enforce compliance.


Leave a Reply