CompTIA Security+ Question L-80

A security administrator is reviewing the below output from a password auditing tool:
P@ss.
@pW1.
S3cU4
Which of the following additional policies should be implemented based on the tool’s output?

A. Password age
B. Password history
C. Password length
D. Password complexity

Answer: C

Explanation:
The output shows that all the passwords are either 4 or 5 characters long. This is way too short, 8 characters are shown to be the minimum for password length.