ISACA Exam Questions

Which of the following is the MOST appropriate method of ensuring password strength in a large organization?

Attempt to reset several passwords to weaker values

Install code to capture passwords for periodic audit

Sample a subset of users and request their passwords for review

Review general security settings on each platform

Reviewing general security settings on each platform will be the most efficient method for determining password strength while not compromising the integrity of the passwords. Attempting to reset several passwords to weaker values may not highlight certain weaknesses. Installing code to capture passwords for periodic audit, and sampling a subset of users and requesting their passwords for review, would compromise the integrity of the passwords.