The systems administrator notices that many employees are using passwords that can be easily
guessed or are susceptible to brute force attacks. Which of the following would BEST mitigate this
risk?

A.
Enforce password rules requiring complexity.

B.
Shorten the maximum life of account passwords.

C.
Increase the minimum password length.

D.
Enforce account lockout policies.

Explanation:
Password complexity often requires the use of a minimum of three out of four standard character
types for a password. The more characters in a password that includes some character
complexity, the more resistant it is to brute force attacks.