An organization’s policy requires users to create passwords with an uppercase letter, lowercase letter, number, and symbol. This policy is enforced with technical controls, which also prevents users from using any of their previous 12 passwords. The quantization does not use single sign-on, nor does it centralize storage of passwords.
The incident response team recently discovered that passwords for one system were compromised. Passwords for a completely separate system have NOT been compromised, but unusual login activity has been detected for that separate system. Account login has been detected for users who are on vacation.
Which of the following BEST describes what is happening?
A . Some users are meeting password complexity requirements but not password length requirements.
B . The password history enforcement is insufficient, and old passwords are still valid across many different systems.
C . Some users are reusing passwords, and some of the compromised passwords are valid on multiple systems.
D . The compromised password file has been brute-force hacked, and the complexity requirements are not adequate to mitigate this risk.
Answer: D
Leave a Reply