nerdexam
CompTIA

SY0-301 · Question #813

The systems administrator notices that many employees are using passwords that can be easily guessed or are susceptible to brute force attacks. Which of the following would BEST mitigate this risk?

The correct answer is A. Enforce password rules requiring complexity.. Enforcing password complexity rules requires a mix of character types (uppercase, lowercase, numbers, symbols), making passwords both harder to guess and significantly harder to brute force.

Security operations

Question

The systems administrator notices that many employees are using passwords that can be easily guessed or are susceptible to brute force attacks. Which of the following would BEST mitigate this risk?

Options

  • AEnforce password rules requiring complexity.
  • BShorten the maximum life of account passwords.
  • CIncrease the minimum password length.
  • DEnforce account lockout policies.

How the community answered

(29 responses)
  • A
    90% (26)
  • C
    3% (1)
  • D
    7% (2)

Why each option

Enforcing password complexity rules requires a mix of character types (uppercase, lowercase, numbers, symbols), making passwords both harder to guess and significantly harder to brute force.

AEnforce password rules requiring complexity.Correct

Password complexity policies mandate that passwords include multiple character classes, which dramatically expands the keyspace an attacker must search during a brute force attack and simultaneously prevents easily guessable patterns like dictionary words or simple names. This directly addresses both attack vectors mentioned in the question - guessability and brute force susceptibility. Complexity rules are the most comprehensive single control because they constrain password composition rather than only one dimension of password strength.

BShorten the maximum life of account passwords.

Shortening the maximum password life means compromised passwords are valid for less time but does nothing to prevent weak or guessable passwords from being set in the first place.

CIncrease the minimum password length.

Increasing minimum length improves brute force resistance but does not prevent users from choosing long but still easily guessable strings such as a repeated word.

DEnforce account lockout policies.

Account lockout policies limit the number of brute force attempts but do not address the root problem of users choosing weak or guessable passwords.

Concept tested: Password complexity policy to prevent weak passwords

Source: https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements

Topics

#password complexity#brute force#password policy#account lockout

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice