An organization has the following password policies:
– Passwords must be at least 16 characters long.
– A password cannot be the same as any previous 20 passwords.
– Three failed login attempts will lock the account for five minutes.
– Passwords must have one uppercase letter, one lowercase letter, and one non-alphanumeric symbol.
A database server was recently breached, and the incident response team suspects the passwords were
compromised. Users with permission on that database server were forced to change their passwords for
that server. Unauthorized and suspicious logins are now being detected on a completely separate server.
Which of the following is MOST likely the issue and the best solution?
A . Some users are reusing passwords for different systems; the organization should scan for password reuse across systems.
B . The organization has improperly configured single sign-on; the organization should implement a RADIUS server to control account logins.
C . User passwords are not sufficiently long or complex; the organization should increase the complexity and length requirements for passwords.
D . The trust relationship between the two servers has been compromised; the organization should place each server on a separate VLA
Answer: A