Exam CAS-004 topic 1 question 452 discussion

Actual exam question from CompTIA's CAS-004
Question #: 452
Topic #: 1

The results of an internal audit indicate several employees reused passwords that were previously included in a published list of compromised passwords.

The company has the following employee password policy:



Which of the following should be implemented to best address the password reuse issue? (Choose two.)

  • A. Increase the minimum age to two days.
  • B. Increase the history to 20.
  • C. Increase the character length to 12.
  • D. Add case-sensitive requirements to character class.
  • E. Decrease the maximum age to 30 days.
  • F. Remove the complexity requirements.
  • G. Increase the maximum age to 120 days.
Suggested Answer: AB

Comments

Bright07
3 weeks, 5 days ago
Selected Answer: BE
To address the password reuse issue effectively, the company should focus on strategies that prevent employees from reusing previously compromised passwords. The best solutions for this issue are:

B. Increase the history to 20. Password history refers to how many previous passwords a user is prevented from reusing. By increasing the history requirement to 20, employees will not be able to reuse any of their last 20 passwords, including those that were compromised. This will make it much harder for employees to simply reuse old passwords and ensure they choose unique ones each time.

E. Decrease the maximum age to 30 days. Password expiration forces employees to change their passwords regularly, and setting the maximum age to 30 days ensures that passwords are updated frequently. This reduces the risk of compromised passwords lingering in the system for too long. A shorter password expiration cycle, like 30 days, also encourages employees to adopt better security habits and creates more opportunities to ensure passwords are not reused from previous cycles.
upvoted 1 times
...
esojzuir
5 months, 3 weeks ago
Selected Answer: AB
AB make sense, first 2 days between password changes and 20 passwords remembered takes over 40 days to get to a point where you are using your original password. Nobody will keep changing passwords every day for a month and a half.
upvoted 1 times
...
23169fd
5 months, 4 weeks ago
Selected Answer: AB
A. Increase the minimum age to two days: Increasing the minimum age of passwords ensures that users cannot rapidly change their password multiple times to cycle back to their original password. By setting a minimum age, you enforce a delay between password changes, which helps prevent users from bypassing the password history policy.

B. Increase the history to 20: Increasing the password history requirement means that users cannot reuse any of their last 20 passwords. This significantly reduces the likelihood of password reuse because users must remember or generate many more unique passwords before they can reuse an old one.
upvoted 2 times
...
EAlonso
5 months, 4 weeks ago
Selected Answer: AB
Forget B.
upvoted 1 times
...
EAlonso
5 months, 4 weeks ago
Selected Answer: A
https://security.stackexchange.com/questions/78758/what-is-the-purpose-of-the-password-minimum-age-setting

Vulnerability: For example, if you configure the Enforce password history policy setting to ensure that users cannot reuse any of their last 12 passwords, but you do not configure the Minimum password age policy setting to a number that is greater than 0, users could change their password 13 times in a few minutes and reuse their original password. You must configure this policy setting to a number that is greater than 0 for the Enforce password history policy setting to be effective.

Countermeasure: Configure the Minimum password age policy setting to a value of at least 2 days.
upvoted 1 times
...
isaphiltrick
6 months, 1 week ago
Selected Answer: AB
By increasing the minimum password age to two days (option A), employees are compelled to retain passwords longer before changing them, which discourages rapid cycling and potential reuse. Simultaneously, increasing the password history to 20 (option B) ensures that employees must use a broader set of passwords before reusing any, thereby reducing the risk associated with compromised passwords. These measures together strengthen the organization's password security posture and mitigate the identified password reuse issue effectively.
upvoted 2 times
...
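The interaction between password history and minimum age described in the comments above, as an added example that is not part of the original page or of any commenter's post: a small Python model of an account that enforces both settings and measures how many changes and how many days it takes before an old password is accepted again. The class and function names, the password strings and the dates are constructed for illustration, and the model assumes the history count includes the current password.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta


def _digest(password: str) -> str:
    # Plain SHA-256 keeps the model short; real systems store salted, slow hashes.
    return hashlib.sha256(password.encode()).hexdigest()


@dataclass
class Account:
    history: int                     # passwords remembered, current one included (assumption)
    min_age: timedelta               # required wait between two accepted changes
    remembered: list = field(default_factory=list)
    last_change: datetime = datetime.min

    def change(self, new_password: str, now: datetime) -> bool:
        """Apply both policy checks; return True if the change is accepted."""
        if now - self.last_change < self.min_age:
            return False             # minimum age not reached yet
        digest = _digest(new_password)
        if digest in self.remembered:
            return False             # still inside the history window
        # Keep only the newest `history` entries (at least the current password).
        self.remembered = (self.remembered + [digest])[-max(self.history, 1):]
        self.last_change = now
        return True


def cycle_back(history: int, min_age_days: int):
    """Return (changes, elapsed_days) needed before the original password is accepted again."""
    start = datetime(2024, 1, 1)                              # constructed date
    acct = Account(history, timedelta(days=min_age_days))
    acct.change("Original#1", start - timedelta(days=90))     # constructed password, set long ago
    now, throwaways = start, 0
    while not acct.change("Original#1", now):
        # The original is still remembered, so a throwaway password is burned instead.
        if not acct.change(f"Throwaway#{throwaways}", now):
            raise RuntimeError("throwaway password rejected")
        throwaways += 1
        now += acct.min_age                                   # wait out the minimum age
    return throwaways + 1, (now - start).days


if __name__ == "__main__":
    for hist, age in [(12, 0), (20, 0), (20, 2)]:
        changes, days = cycle_back(hist, age)
        print(f"history={hist:2d} min_age={age}d -> {changes} changes over {days} days")
```

With a minimum age of 0 the history window is exhausted in a single sitting regardless of its size; only the combination of both settings stretches the cycle over weeks.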
Community vote distribution
A (35%)
C (25%)
B (20%)
Other