Several employee accounts appear to have been cracked by an attacker. Which of the following should
the security administrator implement to mitigate password cracking attacks? (Select TWO).

A. Increase password complexity
B. Deploy an IDS to capture suspicious logins
C. Implement password history
D. Implement monitoring of logins
E. Implement password expiration
F. Increase password length

Explanation:
The more complex a password is, the harder it is for an attacker to crack. Increasing password
complexity therefore makes cracking more difficult.
Passwords that are too short can easily be cracked. Using more characters in a password, combined
with increased complexity, mitigates password cracking attacks.

Incorrect Answers:
B: IDS (intrusion detection systems) can be implemented to capture suspicious logins, but that assumes
that the passwords are already cracked.
C: Password history is used to prevent users from changing their password to the same value as the
old one, or to one that they used the last time around. This might also be used by some crackers to
hack passwords, and thus it does not mitigate password attacks.
D: Monitoring logins is part of auditing and does not mitigate password cracking attacks.
E: Password expiration refers to the period of validity of passwords. Some crackers will even make use of
these expiry periods to crack passwords.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 139-140