A recent review of accounts on various systems has found that after employees’ passwords are
required to change they are recycling the same password as before. Which of the following
policies should be enforced to prevent this from happening? (Select TWO).

A.
Reverse encryption

B.
Minimum password age

C.
Password complexity

D.
Account lockouts

E.
Password history

F.
Password expiration

Explanation:
E: Password history determines the number of previous passwords that cannot be used when a
user changes his password. For example, a password history value of 5 would disallow a user
from changing his password to any of his previous 5 passwords.
B: When a user is forced to change his password due to a maximum password age period
expiring, he could change his password to a previously used password. Or if a password history
value of 5 is configured, the user could change his password six times to cycle back round to his
original password. This is where the minimum password age comes in. This is the period that a
password must be used for. For example, a minimum password age of 30 would determine that
when a user changes his password, he must continue to use the same password for at least 30
days.