After a recent internal audit, the security administrator was tasked to ensure that all credentials must be changed within 90 days, cannot be repeated, and cannot
contain any dictionary words or patterns. All credentials will remain enabled regardless of the number of attempts made. Which of the following types of user
account options were enforced? (Select TWO).
A.
Recovery
B.
User assigned privileges
C.
Lockout
D.
Disablement
E.
Group based privileges
F.
Password expiration
G.
Password complexity
Explanation:
Password complexity often requires the use of a minimum of three out of four standard character types for a password. The more characters in a password that
includes some character type complexity, the more resistant it is to password-cracking techniques. In most cases, passwords are set to expire every 90 days.
Incorrect Answers:
A: Recovery of a password requires that the password storage mechanism be reversible or that passwords be stored in multiple ways. Requiring passwords to be
changed is more secure than recovering them.
B: User assigned privileges can be assigned by the user. It will not ensure that all credentials must be changed within 90 days.
C: Account lockout settings determine the number of failed login attempts before the account gets locked and how long the account will be locked out for. The
question states: “All credentials will remain enabled regardless of the number of attempts made.”
D: Disablement automatically disables a user account or causes the account to expire at a specific time and on a specific day. It will not ensure that all credentials
must be changed within 90 days.
E: Group-based privileges grants each group member the same level of access to a certain object. It will not ensure that all credentials must be changed within 90
days.Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 292- 294.