CompTIA Security+ Question I-66

A user has forgotten their account password. Which of the following is the BEST recovery strategy?

A. Upgrade the authentication system to use biometrics instead.
B. Temporarily disable password complexity requirements.
C. Set a temporary password that expires upon first use.
D. Retrieve the user password from the credentials database.

Answer: C

Explanation:
Since a user’s password isn’t stored on most operating systems (only a hash value is kept), most operating systems allow the administrator to change the value for a user who has forgotten theirs. This new value allows the user to log in and then immediately change it to another value that they can (ideally) remember. Also, setting a temporary password to expire upon first use does not give a hacker the opportunity or time to use it.

CompTIA Security+ Question H-74

Why would a technician use a password cracker?

A. To look for weak passwords on the network
B. To change a user’s passwords when they leave the company
C. To enforce password complexity requirements
D. To change users’ passwords if they have forgotten them

Answer: A

Explanation:
A password cracker will be able to expose weak passwords on a network.

CompTIA Security+ Question B-19

Emily, a security manager, has decided to force expiration of all company passwords by the close of business day. Which of the following BEST supports this reasoning?

A. A recent security breach in which passwords were cracked.
B. Implementation of configuration management processes.
C. Enforcement of password complexity requirements.
D. Implementation of account lockout procedures.

Answer: A

Explanation:
A password only needs to be changed if it doesn’t meet the compliance requirements of the company’s password policy, or is evidently insecure. It will also need to be changed if it has been reused, or due to possible compromise as a result of a system intrusion.

CompTIA A+ Core 2 Question D-96

A technician is trying to set up a non-domain user account on a workstation, but receives the following error message: “Password does not meet the complexity requirements.” Which of the following utilities should the technician use to identify the criteria?

A. Local Security Policy
B. Users and Groups
C. Performance Monitor
D. MSCONFIG