nerdexam
CompTIA

SY0-301 · Question #812

A system administrator has noticed that users change their password many times to cycle back to the original password when their passwords expire. Which of the following would BEST prevent this behavi

The correct answer is B. Enforce a minimum password age policy.. A minimum password age policy forces users to keep a new password for a minimum number of days before changing it again, preventing rapid cycling through password history to return to a previous password.

Security operations

Question

A system administrator has noticed that users change their password many times to cycle back to the original password when their passwords expire. Which of the following would BEST prevent this behavior?

Options

  • AAssign users passwords based upon job role.
  • BEnforce a minimum password age policy.
  • CPrevent users from choosing their own passwords.
  • DIncrease the password expiration time frame.

How the community answered

(70 responses)
  • A
    3% (2)
  • B
    89% (62)
  • C
    1% (1)
  • D
    7% (5)

Why each option

A minimum password age policy forces users to keep a new password for a minimum number of days before changing it again, preventing rapid cycling through password history to return to a previous password.

AAssign users passwords based upon job role.

Assigning passwords based on job role does not prevent a user from changing their password back to a previous one once they gain the ability to change it.

BEnforce a minimum password age policy.Correct

Password history settings prevent reuse of a set number of previous passwords, but without a minimum password age, a user can change their password rapidly in succession, cycling through the required history count in minutes and returning to their original password. Enforcing a minimum password age - typically 1 day - prevents this by requiring the user to wait before each change, making cycling through history impractical. Together, minimum password age and password history form the complete defense against this behavior.

CPrevent users from choosing their own passwords.

Preventing users from choosing their own passwords would require administrative overhead for every change and does not scale, and still does not inherently prevent cycling if users influence the process.

DIncrease the password expiration time frame.

Increasing the password expiration timeframe gives users more time between required changes but does not stop them from cycling through history immediately after a change is triggered.

Concept tested: Minimum password age to prevent password history cycling

Source: https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/minimum-password-age

Topics

#password policy#minimum password age#password history#account management

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice