nerdexam
CompTIA

SY0-301 · Question #748

A user has forgotten their account password. Which of the following is the BEST recovery strategy?

The correct answer is C. Set a temporary password that expires upon first use.. Setting a temporary password that expires on first use is the most secure recovery strategy because it forces the user to immediately set a new credential while minimizing the window of exposure.

Security operations

Question

A user has forgotten their account password. Which of the following is the BEST recovery strategy?

Options

  • AUpgrade the authentication system to use biometrics instead.
  • BTemporarily disable password complexity requirements.
  • CSet a temporary password that expires upon first use.
  • DRetrieve the user password from the credentials database.

How the community answered

(51 responses)
  • B
    2% (1)
  • C
    94% (48)
  • D
    4% (2)

Why each option

Setting a temporary password that expires on first use is the most secure recovery strategy because it forces the user to immediately set a new credential while minimizing the window of exposure.

AUpgrade the authentication system to use biometrics instead.

Upgrading to biometrics does not resolve the immediate access problem and is a system-level change, not an account recovery strategy.

BTemporarily disable password complexity requirements.

Temporarily disabling password complexity introduces a security gap and does not actually restore the user's access to their account.

CSet a temporary password that expires upon first use.Correct

A temporary password with forced expiration on first login ensures the help desk never knows the user's actual password, limits the exposure window to a single session, and requires the user to immediately establish their own credential - aligning with least-privilege and zero-knowledge principles for credential management.

DRetrieve the user password from the credentials database.

Passwords should be stored as salted hashes, making retrieval impossible; if a system can retrieve a plaintext password, that indicates a critical security design flaw.

Concept tested: Secure password reset and temporary credential best practices

Source: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks

Topics

#password recovery#account management#authentication#temporary password

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice