An administrator discovers that many users have used their same passwords for years even
though the network requires that the passwords be changed every six weeks. Which of the
following, when used together, would BEST prevent users from reusing their existing password?
(Select TWO).

A.
Length of password

B.
Password history

C.
Minimum password age

D.
Password expiration

E.
Password complexity

F.
Non-dictionary words

Explanation:
In this question, users are forced to change their passwords every six weeks. However, they are
able to change their password and enter the same password as the new password.
Password history determines the number of previous passwords that cannot be used when a user
changes his password. For example, a password history value of 5 would disallow a user from
changing his password to any of his previous 5 passwords.
When a user is forced to change his password due to a maximum password age period expiring,
(the question states that the network requires that the passwords be changed every six weeks) he
could change his password to a previously used password. Or if a password history value of 5 is
configured, the user could change his password six times to cycle back round to his original
password. This is where the minimum password age comes in. This is the period that a password
must be used for. For example, a minimum password age of 30 would determine that when a user
changes his password, he must continue to use the same password for at least 30 days.