Which of the following would be MOST effective in successfully implementing restrictive password
policies?
A.
Regular password audits
B.
Single sign-on system
C.
Security awareness program
D.
Penalties for noncompliance
Explanation:
To be successful in implementing restrictive password policies, it is necessary to obtain the buy-in
of the end users. The best way to accomplish this is through a security awareness program.
Regular password audits and penalties for noncompliance would not be as effective on their own;
people would go around them unless forced by the system. Single sign-on is a technology solution
that would enforce password complexity but would not promote user compliance. For the effort to
be more effective, user buy-in is important.