Are you studying for the CEH certification?
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
It is suggested that organizations use a password policy to define guidelines for password creation and usage, to prevent adversaries from easily compromising passwords. Which of the following options should be included in a password policy?
Edit: Utopia, rather than IRL
D. Passwords for administrator-level or privileged accounts should be changed regularly, according to organizationally defined intervals.
A, B, C, and D should be part of an organizational password policy. Additionally, passwords should be compared against common variations or permutations of the associated username; any matches should be prohibited from use.
A. Passwords should be a minimum of 15 characters long, and should include a mixture of upper- and lowercase alphabetic characters, numbers, and nonalphanumeric characters.
A, B, and D should be part of an organizational password policy. Additionally, passwords should be compared against common variations or permutations of the associated username; any matches should be prohibited from use.
B. A password history should be used, to prevent reuse of passwords on organizational systems.
C. Password strings should be converted to lowercase letters, and compared to a dictionary of commonly used passwords; any matching passwords should be prohibited from use.
An organizational password policy should define a minimum password length of 15 characters, and define suitable complexity guidelines (a mixture of upper- and lowercase letters, numbers, and nonalphanumeric characters); according to NIST SP 800-63-1, Electronic Authentication Guideline, passwords created under such circumstances should provide "at least 10 bits of min-entropy" (http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf).
NIST SP 800-63-1 suggests that organizations convert selected passwords to lowercase letters, and compare the lowercase string to a dictionary of at least 50,000 common passwords that otherwise meet the organizational password policy; selected passwords should additionally be checked against common variations or permutations of the associated username.
It is suggested that a password history be utilized; this should be implemented to prevent the reuse of prior passwords, and to prevent the usage of the same password for a given user across organizational systems. Privileged and administrator accounts should be required to change passwords at regularly intervals, as determined to meet organizational needs (https://www.iad.gov/iad/library/reports/nsa-methodology-for-adversary-obstruction.cfm).
EDIT: The answer provided it ridiculous and would never be implemented in a real organisation
Train with Skillset and pass your certification exam. Faster. Guaranteed.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.