CompTIA

220-1002 · Question #821

220-1002 Question #821: Real Exam Question with Answer & Explanation

The correct answer is A: Require the user to change the password at the next login.

Question

A systems administrator needs to reset a user's password because the user forgot it. The systems administrator creates the new password and wants to further protect the user's account. Which of the following should the systems administrator do?

Options

  • A. Require the user to change the password at the next login.
  • B. Disallow the user from changing the password.
  • C. Disable the account.
  • D. Choose a password that never expires.

Explanation

Requiring the user to change the password at next login is the correct security practice. When an admin resets a password, the admin knows what that password is, meaning two people now know it, which is a security risk. Forcing a change at first login ensures only the account owner knows the final password. A) is the standard and secure approach. B) Disallowing the user from changing their password is the opposite of good security. C) Disabling the account would prevent the user from working. D) Setting a non-expiring password removes a layer of ongoing security. This is a fundamental part of least privilege and account hygiene: the admin-set password should be temporary.
