A security administrator is concerned about the strength of user’s passwords. The company does not
want to implement a password complexity policy. Which of the following can the security Administrator
implement to mitigate the risk of an online password attack against users with weak passwords?

Which of the following should be done before resetting a user’s password due to expiration?

The IT department has setup a website with a series of questions to allow end users to reset their own
accounts. Which of the following account management practices does this help?

An insurance company requires an account recovery process so that information created by an employee
can be accessed after that employee is no longer with the firm. Which of the following is the BEST
approach to implement this process?

A small company has a website that provides online customer support. The company requires an account
recovery process so that customers who forget their passwords can regain access.
Which of the following is the BEST approach to implement this process?

A user has forgotten their account password. Which of the following is the BEST recovery strategy?

Which of the following is a BEST practice when dealing with user accounts that will only need to be active
for a limited time period?

ABC company has a lot of contractors working for them. The provisioning team does not always get
notified that a contractor has left the company. Which of the following policies would prevent contractors
from having access to systems in the event a contractor has left?

Which of the following controls mitigates the risk of Matt, an attacker, gaining access to a company
network by using a former employee’s credential?

Which of the following security benefits would be gained by disabling a terminated user account rather
than deleting it?