CompTIA Exam Questions

Which of the following types of user account options were enforced?

After a recent internal audit, the security administrator was tasked with ensuring that all credentials are
changed within 90 days, cannot be repeated, and cannot contain any dictionary words or patterns. All
credentials will remain enabled regardless of the number of attempts made. Which of the following types
of user account options were enforced? (Select TWO).

A. Recovery

B. User assigned privileges

C. Lockout

D. Disablement

E. Group based privileges

F. Password expiration

G. Password complexity

Explanation:
Password complexity often requires the use of a minimum of three out of four standard character types
for a password. The more characters in a password that includes some character type complexity, the
more resistant it is to password-cracking techniques. In most cases, passwords are set to expire every 90
days.
Incorrect Answers:
A: Recovery of a password requires that the password storage mechanism be reversible or that
passwords be stored in multiple ways. Requiring passwords to be changed is more secure than recovering
them.
B: User assigned privileges can be assigned by the user. It will not ensure that all credentials must be
changed within 90 days.
C: Account lockout settings determine the number of failed login attempts before the account gets locked
and how long the account will be locked out for. The question states: "All credentials will remain enabled
regardless of the number of attempts made."
D: Disablement automatically disables a user account or causes the account to expire at a specific time
and on a specific day. It will not ensure that all credentials must be changed within 90 days.
E: Group-based privileges grant each group member the same level of access to a certain object. They will
not ensure that all credentials must be changed within 90 days.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 292-294