SY0-301 · Question #812
A system administrator has noticed that users change their password many times to cycle back to the original password when their passwords expire. Which of the following would BEST prevent this behavi
The correct answer is B. Enforce a minimum password age policy.. A minimum password age policy forces users to keep a new password for a minimum number of days before changing it again, preventing rapid cycling through password history to return to a previous password.
Question
A system administrator has noticed that users change their password many times to cycle back to the original password when their passwords expire. Which of the following would BEST prevent this behavior?
Options
- AAssign users passwords based upon job role.
- BEnforce a minimum password age policy.
- CPrevent users from choosing their own passwords.
- DIncrease the password expiration time frame.
How the community answered
(70 responses)- A3% (2)
- B89% (62)
- C1% (1)
- D7% (5)
Why each option
A minimum password age policy forces users to keep a new password for a minimum number of days before changing it again, preventing rapid cycling through password history to return to a previous password.
Assigning passwords based on job role does not prevent a user from changing their password back to a previous one once they gain the ability to change it.
Password history settings prevent reuse of a set number of previous passwords, but without a minimum password age, a user can change their password rapidly in succession, cycling through the required history count in minutes and returning to their original password. Enforcing a minimum password age - typically 1 day - prevents this by requiring the user to wait before each change, making cycling through history impractical. Together, minimum password age and password history form the complete defense against this behavior.
Preventing users from choosing their own passwords would require administrative overhead for every change and does not scale, and still does not inherently prevent cycling if users influence the process.
Increasing the password expiration timeframe gives users more time between required changes but does not stop them from cycling through history immediately after a change is triggered.
Concept tested: Minimum password age to prevent password history cycling
Source: https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/minimum-password-age
Topics
Community Discussion
No community discussion yet for this question.