Which of the following should be done before resetting a user’s password due to expiration?

A.
Verify the user’s domain membership.

B.
Verify the user’s identity.

C.
Advise the user of new policies.

D.
Verify the proper group membership.

Explanation:
When resetting a password, users have to establish their identity by answering a series of personal questions,
using a hardware authentication token, or responding to a password notification e-mail. Users can then either
specify a new, unlocked password, or ask that a randomly generated one be provided. This can be done from
their workstation login prompt, or through a telephone call.