After a recent penetration test, a company has a finding regarding the use of dictionary and seasonal passwords by its employees. Which of the following is the BEST control to remediate the use of common dictionary terms?
A. Expand the password length from seven to 14 characters.
B. Implement password history restrictions.
C. Configure password filters.
D. Disable the accounts after five incorrect attempts.
PenTest+ Practice Tests Book
A. - In this scenario, since the client’s employees are using dictionary words as passwords, the best way to defeat this is by expanding the password length and adding special characters. Special characters for use in passwords are a selection of punctuation characters that are present on standard U.S. keyboards. These include !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~. This will make it harder for attackers to break into the client’s systems.
Wrong. The users can still create a 14-character dictionary password without using special characters (!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~) unless you implement complexity in the password settings. Even then, they can still create passwords like Password12345!! or Windows54321++, so the words can still be found in dictionaries. So I believe the best answer would be C, to apply a password filter.
"A custom password filter might also perform a dictionary check to verify that the proposed password does not contain common dictionary words or fragments."
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements
"Organizations that rely upon passwords for authentication should set technical policies that set minimum password requirements governing the length and composition of passwords. Anytime a user is provided with the ability to set or change a password, that password should pass through a password filter to verify that it meets the organization’s current complexity requirements." - CompTIA PenTest+ Study Guide Exam PT0-001
C. The question is asking what would be the BEST way to prevent users from using common dictionary 'TERMS' - plural. Hypothetically, with 14 characters you could still have a password consisting of 3 common words, so whilst using a password filter isn't the most realistic option, it's the right answer for this question.
A is the correct answer. If your current PW policy is only 7 characters, you get a lot of passwords like "Fall2020". Expanding the length to 14 characters removes this possibility.
C is incorrect, because PW filters are only used to enforce existing policy, not implement a new, more secure policy.
"Password filters are used to enforce password policy. Filters validate new passwords and indicate whether the new password conforms to the implemented password policy."
https://docs.microsoft.com/en-us/windows/win32/secmgmt/password-filters
Why is it A?
Let's look at it this way: every big company has a password restriction to allow 8 or more chars, but no one has password filters, at least most of them don't. In a real-world scenario I go with A.
Maybe: C. Configure password filters?
Answer 'A' does not say anything about adding special characters.
Using password filters would give you complete control of what characteristics can, and cannot, be included in a password.
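As an added illustration (not code from the thread, the exam book, or any vendor's filter), here is a small Python password filter that applies both controls the discussion compares: a 14-character minimum (option A) and a dictionary check that folds case and common digit-for-letter substitutions (option C). The word list and the sample passwords are constructed for the example; a real filter would load a full cracking wordlist.

```python
import re
from typing import Dict, List

# Constructed sample word list for the example; a deployed filter
# would load a large dictionary and a seasonal/month list instead.
COMMON_WORDS = {"password", "windows", "welcome", "admin", "qwerty",
                "letmein", "monkey", "dragon", "company"}
SEASONS = {"spring", "summer", "fall", "autumn", "winter"}

# Undo the substitutions users make to satisfy complexity rules
# (P4ssw0rd, W1nter!). False positives are acceptable for a filter.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(password: str) -> str:
    """Lowercase, fold leet substitutions, then keep only letters."""
    folded = password.lower().translate(LEET)
    return re.sub(r"[^a-z]", "", folded)


def dictionary_hits(password: str, min_len: int = 4) -> List[str]:
    """Return every dictionary/seasonal word found inside the password.

    Substring matching catches 'Password12345!!' and 'Fall2020' as well
    as passphrases built from several common words.
    """
    core = normalize(password)
    words = sorted(COMMON_WORDS | SEASONS, key=len, reverse=True)
    return [w for w in words if len(w) >= min_len and w in core]


def evaluate(password: str, min_length: int = 14) -> Dict[str, object]:
    """Apply the length rule (option A) and the dictionary filter
    (option C) and report which control, if any, rejected the password."""
    hits = dictionary_hits(password)
    length_ok = len(password) >= min_length
    return {
        "length_ok": length_ok,
        "dictionary_ok": not hits,
        "dictionary_hits": hits,
        "accepted": length_ok and not hits,
    }


if __name__ == "__main__":
    for sample in ("Fall2020", "Password12345!!", "Windows54321++",
                   "SummerWinterFall", "Xq7!vR2#mLp9wZ"):
        print(sample, evaluate(sample))
```

Note that "Password12345!!" and "SummerWinterFall" both satisfy the 14-character minimum and are rejected only by the dictionary check, which is the point made in the thread.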