An internal auditing team would like to strengthen the password policy to support special
characters. Which of the following types of password controls would achieve this goal?

The systems administrator notices that many employees are using passwords that can be easily
guessed or are susceptible to brute force attacks. Which of the following would BEST mitigate this
risk?

Sara, a security manager, has decided to force expiration of all company passwords by the close
of business day. Which of the following BEST supports this reasoning?

A security administrator is concerned about the strength of user’s passwords. The company does
not want to implement a password complexity policy. Which of the following can the security
Administrator implement to mitigate the risk of an online password attack against users with weak
passwords?

Which of the following should be done before resetting a user’s password due to expiration?

The IT department has setup a website with a series of questions to allow end users to reset their
own accounts. Which of the following account management practices does this help?

An insurance company requires an account recovery process so that information created by an
employee can be accessed after that employee is no longer with the firm. Which of the following is
the BEST approach to implement this process?

A small company has a website that provides online customer support. The company requires an
account recovery process so that customers who forget their passwords can regain access.
Which of the following is the BEST approach to implement this process?

A user has forgotten their account password. Which of the following is the BEST recovery
strategy?

Which of the following is a BEST practice when dealing with user accounts that will only need to
be active for a limited time period?