When creating a new user account, the system provides a temporary password that must be changed at the next login. However, at the next login a user can type the same password and the system will accept it. What would be the best control in this scenario?
Establishing a system that does not accept an old password as a new password
Creating a system that ensures that users change passwords more frequently
Establishing a security awareness and an education program
Update the company's password policy
Hardening the password parameters so that old passwords are not accepted as new passwords is the most effective control because it is system enforced. Although education is important and users should be aware of the need for strong authentication, educating users through security awareness programs and training will not result in the most effective control. Policies document the company's requirements; the company then must implement the processes and tools to support those requirements. Rewriting the company's password policy will effectively communicate the company's position, but it is not the most effective control to enforce the password change. Even though the system will force users to change passwords more frequently, users can still choose to key in their old passwords.
If the password policy doesn't explicitly forbid password reuse, the first step would be updating it, right? You can't assume the policy already does forbid it, as it was not mentioned. I can see it both ways; it's not a hard question, just unclear.