While reviewing the security controls in place for a web-based application, a security controls assessor notices
that there are no password strength requirements in place. Because of this vulnerability, passwords might be
easily discovered using a brute force attack. Which of the following password requirements will MOST
effectively improve the security posture of the application against these attacks? (Choose two.)
A. Minimum complexity
B. Maximum age limit
C. Maximum length
D. Minimum length
E. Minimum age limit
F. Minimum re-use limit
>>> Which of the following password requirements will MOST
effectively improve the security posture of the application against these attacks?
The question is about how to increase the security of the application, isn’t it? I really don’t understand why a lot of people answer A, D or F. All these choices are about decreasing password strength. Obviously, to increase password strength we need to use maximum length (C) and Minimum age limit (E).
Please correct me if I’m wrong.
Who cares about Maximum Length? Would you stop me from having a 500-character password if you are a security admin? Why would you have any issues with that?