A security administrator would like to ensure that system administrators are not using the same password
for both their privileged and non-privileged accounts. Which of the following security controls BEST
accomplishes this goal?

A.
Require different account passwords through a policy

B.
Require shorter password expiration for non-privileged accounts

C.
Require shorter password expiration for privileged accounts

D.
Require a greater password length for privileged accounts

Explanation:
A password policy aka account policy enforcement can be configured in such a way so as to make sure
that system administrators make use of different passwords for different accounts.
Incorrect Answers:
B: Password expiration does not enforce the use of different passwords for different accounts. It is used
as a disablement tool.
C: Shorter password expiration is still just a disablement tool and will not enforce the use of different
passwords for different accounts.
D: Password length serves to make it more complex so as to strengthen the password and not to enforce
the use of different passwords for different accounts.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 291, 293