Sara, a security manager, has decided to force expiration of all company passwords by the close of business day. Which of the following BEST supports this
reasoning?
A.
A recent security breach in which passwords were cracked.
B.
Implementation of configuration management processes.
C.
Enforcement of password complexity requirements.
D.
Implementation of account lockout procedures.
Explanation:
A password only needs to be changed if it doesn’t meet the compliance requirements of the company’s password policy, or is evidently insecure. It will also need to
be changed if it has been reused, or due to possible compromise as a result of a system intrusion.
Incorrect Answers:
B: Configuration management provides visibility and control of a system’s performance, as well as its functional and physical attributes.
C: Password complexity normally requires a minimum of three out of four standard character types to be represented in the password. It would not require forcing
expiration of all company passwords by the close of business day.
D: Account lockout automatically disables an account due to repeated failed log on attempts. It would not require forcing expiration of all company passwords by
the close of business day.Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 292, 293.
http://en.wikipedia.org/wiki/Configuration_management