An auditing team has found that passwords do not meet best business practices. Which of the following will MOST increase the security of the passwords? (Select TWO).
A. Password Complexity
B. Password Expiration
C. Password Age
D. Password Length
E. Password History
Answer: A,D
Explanation: A password should be strong enough to resist discovery through attack, but still easy enough for the user to remember. Length and complexity combined are the vital factors that define a password’s strength.
A hacker has discovered a simple way to disrupt business for the day at a small company that relies on staff working remotely. In a matter of minutes the hacker was able to deny remotely working staff access to company systems with a script. Which of the following security controls is the hacker exploiting?
A. DoS
B. Account lockout
C. Password recovery
D. Password complexity
Answer: B
Explanation: Account lockout automatically disables an account after repeated failed logon attempts. The hacker must have executed a script that repeatedly tried to log on to the remote accounts, forcing the account lockout policy to activate and locking the legitimate users out.
Which of the following controls mitigates the risk of Matt, an attacker, gaining access to a company network by using a former employee’s credential?
A. Account expiration
B. Password complexity
C. Account lockout
D. Dual factor authentication
Answer: A
Explanation: Account expiration is a security feature to employ on the user accounts of temporary workers, interns, or consultants. It automatically disables the user account, or causes it to expire, at a specific time on a specific day.
Emily, a security manager, has decided to force expiration of all company passwords by the close of business day. Which of the following BEST supports this reasoning?
A. A recent security breach in which passwords were cracked.
B. Implementation of configuration management processes.
C. Enforcement of password complexity requirements.
D. Implementation of account lockout procedures.
Answer: A
Explanation: A password only needs to be changed if it does not meet the compliance requirements of the company’s password policy or is evidently insecure. It will also need to be changed if it has been reused, or because of possible compromise as a result of a system intrusion.
Which of the following security account management techniques should a security analyst implement to prevent staff who have switched company roles from exceeding their privileges?
A. Internal account audits
B. Account disablement
C. Time of day restriction
D. Password complexity
Answer: A
Explanation: Internal account auditing allows you to review each user’s access after a change of role, move them to the appropriate accounts and permissions their new role requires, and thus check that the principle of least privilege is followed.
IT suspects that other people are frequently making changes to a computer when its user leaves their desk. Which of the following security policies can be implemented in order to prevent this situation?
A. Auto-lock
B. Password complexity
C. Change the default username
D. Disable the guest account