Despite having implemented password policies, users continue to set the same weak passwords and reuse old passwords.
Which of the following technical controls would help prevent these policy violations? (Select two.)
A.
Password expiration
B.
Password length
C.
Password complexity
D.
Password history
E.
Password lockout
how would a. Password expiration help with same weak passwords? wouldn’t
C.
Password complexity make more sense?
3
1
I agree!
3
1
I would say that the right answers are C and D.
11
1
It’s GOT to be C and D.
complexity addresses the “weak passwords” issue
password history addresses the “Reusing old passwords” issue
6
1
On the on hand you guys right. But on the other hand we have to points in this phrase: “same weak passwords”
– same password. I suppose we can consider it as passwords are no expire
– weak password. Who tells you that to improve this flaw you need to implement exactly password complexity, and not increase password length? Obviously both actions are required. Moreover, increasing password length is more effective than password complexity.
So, we need to improve 3 points:
– users can reuse old passwords
– users are able to not change passwords for a long time
– passwords are weak
As I explained to improve weak password we need to chose “Complexity” and “length”, but this remains us without ability to choose “password history” which is definitely one of 2 correct answers. So, just logically we should choose “Password expiration” which will improve “same passwords issue”.
What about weak passwords? I really don’t know why question creator set this word here. But it is 100% that there is no ability to chose only 2 answers, which will meet all question’s conditions.
3
0
C & D. Users would not be setting and reusing these passwords unless there already was an expiry policy in place. They would just have a password and they would use it. That rules out A.
3
1
Despite having implemented password policies, users continue to set the same weak passwords and reuse old passwords. Consider this:
1)Policies has been implemented already. they must have expiration in place because they users continue setting their password.
2)Users continue to set the same weak and old password, because they expired, otherwise they wont have to set it again. So expiration is redundant as answer.
3) weak and old should be your clues. because they are reused they are old but at the same time weak because lack of complexity.
C and D are the answer in my opinion. Hope this help everyone.
4
1