It is suggested that organizations use a password policy to define guidelines for password creation and usage, to prevent adversaries from easily compromising passwords. Which of the following options should be included in a password policy?

A. Passwords should be a minimum of 15 characters long, and should include a mixture of upper- and lowercase alphabetic characters, numbers, and nonalphanumeric characters.

B. A password history should be used, to prevent reuse of passwords on organizational systems.

C. Password strings should be converted to lowercase letters, and compared to a dictionary of commonly used passwords; any matching passwords should be prohibited from use.

D. Passwords for administrator-level or privileged accounts should be changed regularly, according to organizationally defined intervals.

A, B, C, and D should be part of an organizational password policy. Additionally, passwords should be compared against common variations or permutations of the associated username; any matches should be prohibited from use.

A, B, and D should be part of an organizational password policy. Additionally, passwords should be compared against common variations or permutations of the associated username; any matches should be prohibited from use.

An organizational password policy should define a minimum password length of 15 characters, and define suitable complexity guidelines (a mixture of upper- and lowercase letters, numbers, and nonalphanumeric characters); according to NIST SP 800-63-1, Electronic Authentication Guideline, passwords created under such circumstances should provide "at least 10 bits of min-entropy" (http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf).

NIST SP 800-63-1 suggests that organizations convert selected passwords to lowercase letters, and compare the lowercase string to a dictionary of at least 50,000 common passwords that otherwise meet the organizational password policy; selected passwords should additionally be checked against common variations or permutations of the associated username.

It is suggested that a password history be utilized; this should be implemented to prevent the reuse of prior passwords, and to prevent the usage of the same password for a given user across organizational systems. Privileged and administrator accounts should be required to change passwords at regular intervals, as determined to meet organizational needs (https://www.iad.gov/iad/library/reports/nsa-methodology-for-adversary-obstruction.cfm).

EDIT: The answer provided is ridiculous and would never be implemented in a real organisation

Edit: Utopia, rather than IRL
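The explanation describes four mechanical checks (minimum length and character mix, a lowercase comparison against a common-password dictionary, rejection of username variations, and a password history). The following Python is an added example of how a password-change service could enforce them; it is not from the Skillset page or from NIST. The dictionary is a three-entry constructed stand-in for the 50,000-entry list, the username-variation heuristic and the history depth of 24 are assumptions, and history entries are stored as salted PBKDF2 hashes so the history itself is not a plaintext password store.

```python
import hashlib
import os
import re

MIN_LENGTH = 15          # minimum length the policy in the explanation specifies
HISTORY_DEPTH = 24       # hypothetical number of prior passwords retained per user

# Constructed stand-in for the >= 50,000-entry list NIST SP 800-63-1 describes.
# Entries are stored lowercase, and each already meets the length/complexity rule,
# so the dictionary catches choices that are compliant yet still guessable.
COMMON_PASSWORDS = {
    "welcome2company!2024",
    "password123!!abcd",
    "correct-horse-battery",
}


def has_required_mix(pw: str) -> bool:
    """Complexity rule: upper, lower, digit and nonalphanumeric all present."""
    return (any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def username_variants(username: str) -> set:
    """Variations of the username to forbid inside a password: case-folded,
    reversed, digit-stripped, and each separator-delimited part of it.
    This is a constructed heuristic, not a list NIST prescribes."""
    base = username.lower()
    parts = [p for p in re.split(r"[.\-_@ ]+", base) if p]
    variants = {base, base[::-1], re.sub(r"\d", "", base)}
    for p in parts:
        variants.update({p, p[::-1], re.sub(r"\d", "", p)})
    return {v for v in variants if len(v) >= 3}   # skip fragments too short to matter


def contains_username_variant(pw: str, username: str) -> bool:
    low = pw.lower()
    return any(v in low for v in username_variants(username))


def _digest(pw: str, salt: bytes) -> bytes:
    # History entries are salted PBKDF2-HMAC-SHA256 hashes, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)


def check_password(pw: str, username: str, history: list) -> list:
    """Return the policy violations for a proposed password (empty list = accept)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not has_required_mix(pw):
        problems.append("missing upper, lower, digit or nonalphanumeric character")
    if pw.lower() in COMMON_PASSWORDS:           # lowercase compare, as NIST suggests
        problems.append("matches common-password dictionary")
    if contains_username_variant(pw, username):
        problems.append("contains a variation of the username")
    if any(_digest(pw, salt) == digest for salt, digest in history):
        problems.append("reuses a previous password")
    return problems


def remember_password(pw: str, history: list) -> None:
    """Record an accepted password in the user's history (most recent last)."""
    salt = os.urandom(16)
    history.append((salt, _digest(pw, salt)))
    del history[:-HISTORY_DEPTH]                 # keep only the newest HISTORY_DEPTH


if __name__ == "__main__":
    hist = []
    for candidate in ["Welcome2Company!2024", "Gr33n-Tea_Morning!9"]:
        print(candidate, "->", check_password(candidate, "john.smith2", hist) or "OK")
    remember_password("Gr33n-Tea_Morning!9", hist)
    print("reuse ->", check_password("Gr33n-Tea_Morning!9", "john.smith2", hist))
```

Returning the full list of violations rather than the first one lets the change dialog report everything at once; the history check is last because it is the only expensive one. The rule about not reusing one password across organizational systems would require a shared history store keyed by user, which this stand-alone example does not model.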