SY0-301 · Question #813
The systems administrator notices that many employees are using passwords that can be easily guessed or are susceptible to brute force attacks. Which of the following would BEST mitigate this risk?
The correct answer is A. Enforce password rules requiring complexity.. Enforcing password complexity rules requires a mix of character types (uppercase, lowercase, numbers, symbols), making passwords both harder to guess and significantly harder to brute force.
Question
The systems administrator notices that many employees are using passwords that can be easily guessed or are susceptible to brute force attacks. Which of the following would BEST mitigate this risk?
Options
- AEnforce password rules requiring complexity.
- BShorten the maximum life of account passwords.
- CIncrease the minimum password length.
- DEnforce account lockout policies.
How the community answered
(29 responses)- A90% (26)
- C3% (1)
- D7% (2)
Why each option
Enforcing password complexity rules requires a mix of character types (uppercase, lowercase, numbers, symbols), making passwords both harder to guess and significantly harder to brute force.
Password complexity policies mandate that passwords include multiple character classes, which dramatically expands the keyspace an attacker must search during a brute force attack and simultaneously prevents easily guessable patterns like dictionary words or simple names. This directly addresses both attack vectors mentioned in the question - guessability and brute force susceptibility. Complexity rules are the most comprehensive single control because they constrain password composition rather than only one dimension of password strength.
Shortening the maximum password life means compromised passwords are valid for less time but does nothing to prevent weak or guessable passwords from being set in the first place.
Increasing minimum length improves brute force resistance but does not prevent users from choosing long but still easily guessable strings such as a repeated word.
Account lockout policies limit the number of brute force attempts but do not address the root problem of users choosing weak or guessable passwords.
Concept tested: Password complexity policy to prevent weak passwords
Source: https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements
Topics
Community Discussion
No community discussion yet for this question.