While reviewing the security controls in place for a web-based application, a security controls assessor notices that there are no password strength requirements in
place. Because of this vulnerability, passwords might be easily discovered using a brute force attack. Which of the following password requirements will MOST
effectively improve the security posture of the application against these attacks? (Select two)
A. Minimum complexity
B. Maximum age limit
C. Maximum length
D. Minimum length
E. Minimum age limit
F. Minimum re-use limit
Answer needs to be C and E.
Minimum length and minimum complexity do not improve security against brute force attacks.
Maximum complexity and length, of course. But we don’t have those answers, so we go with Maximum Length and Minimum age limit (frequent changes).
The question states that there are “no password strength requirements in place”. A & D are right: setting the minimum length of a password and its minimum complexity are examples of password strength.