CompTIA

SY0-301 · Question #748

SY0-301 Question #748: Real Exam Question with Answer & Explanation

The correct answer is C: Set a temporary password that expires upon first use. Setting a temporary password that expires on first use is the most secure recovery strategy because it forces the user to immediately set a new credential while minimizing the window of exposure.

Question

A user has forgotten their account password. Which of the following is the BEST recovery strategy?

Options

  • A. Upgrade the authentication system to use biometrics instead.
  • B. Temporarily disable password complexity requirements.
  • C. Set a temporary password that expires upon first use.
  • D. Retrieve the user password from the credentials database.

Explanation

Setting a temporary password that expires on first use is the most secure recovery strategy because it forces the user to immediately set a new credential while minimizing the window of exposure.

Common mistakes.

  • A. Upgrading to biometrics does not resolve the immediate access problem and is a system-level change, not an account recovery strategy.
  • B. Temporarily disabling password complexity introduces a security gap and does not actually restore the user's access to their account.
  • D. Passwords should be stored as salted hashes, making retrieval impossible; if a system can retrieve a plaintext password, that indicates a critical security design flaw.

Concept tested. Secure password reset and temporary credential best practices

Reference. https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks
