Exam SY0-501 topic 1 question 855 discussion

Actual exam question from CompTIA's SY0-501
Question #: 855
Topic #: 1

A security team has downloaded a public database of the largest collection of password dumps on the Internet. This collection contains the cleartext credentials of every major breach for the last four years. The security team pulls and compares users' credentials to the database and discovers that more than 30% of the users were still using passwords discovered in this list. Which of the following would be the BEST combination to reduce the risks discovered?

  • A. Password length, password encryption, password complexity
  • B. Password complexity, least privilege, password reuse
  • C. Password reuse, password complexity, password expiration
  • D. Group policy, password history, password encryption
Suggested Answer: C

Comments

Hanzero
Highly Voted 4 years, 7 months ago
Answer is C because it is the only one that mentions expiration. Users are still using passwords found in the database, meaning they haven't changed their passwords.
upvoted 24 times
...
coentror
Highly Voted 4 years, 8 months ago
A is a better answer: Password length, password encryption, password complexity is a far better option that helps reduce the risk.
upvoted 5 times
Max_DeJaV
4 years, 8 months ago
In this case, users are reusing passwords. If not forced by policy they will use the same "complex" password every time. Password minimum age should be a best option too. Answer A doesn't include password expiration too. C is correct
upvoted 13 times
...
adriantdf
4 years, 8 months ago
I also agree with A, it says in the question that the collection contains the cleartext credentials. Add a good encryption along with good complexity and length and you have nothing to worry about.
upvoted 1 times
...
Teza
4 years, 8 months ago
Option C is the correct answer. Password length is a part of password complexity. People are reusing the password in a file that is 4 years old; enforcing password policy of age, history and complexity using the Group Policy Object will save the day.
upvoted 13 times
Dante_Dan
4 years, 8 months ago
Password length and password complexity are 2 different things. Although, password length is more secure than password complexity. Could be C
upvoted 2 times
Dante_Dan
4 years, 8 months ago
I meant answer A. Besides, "password reuse" is not a thing. The concept must be "Password History".
upvoted 1 times
...
choboanon
4 years, 6 months ago
Password length is not necessarily more secure than password complexity. A password of "e4Ht!" is more secure than the password "aaaaaaaaaaaaaaaaaa"
upvoted 2 times
nakres64
4 years, 2 months ago
It is not true generally. Recent guidance from the National Institute of Standards and Technology (NIST) advises that password length is much more important than password complexity.
upvoted 1 times
...
...
...
...
Spardaefit
4 years, 3 months ago
Key word, “BEST”
upvoted 1 times
...
...
0mega1
Most Recent 4 years, 1 month ago
The answer is correct. Password encryption has nothing to do with this because passwords are stored as hashes; the only logical answer is C.
upvoted 3 times
...
AlexChen011
4 years, 1 month ago
Password encryption makes no sense in this scenario
upvoted 1 times
...
mindtricks
4 years, 4 months ago
Which of the following would be the best combination to reduce the risks DISCOVERED? It's about users failing to update their passwords. C is correct.
upvoted 2 times
...
babati
4 years, 8 months ago
Answer D. Nobody said the passwords are weak or short. They are simply known. Also they are 30% of the company's users, which is quite a lot. The best way to resolve this is through GPO. A group policy also includes password policy. Passwords are good anyway, so people just need to change them (password history).
upvoted 5 times
Dion79
3 years, 10 months ago
I like D too. afsc2, did you pass? Password reuse occurs when a user attempts to use a password they had used previously on the same system. The management of password history prevents password reuse. So afsc, do you hash the password since it's the largest plaintext dump on the web? Just ignore that statement? How do you protect cleartext passwords? Reference. 1. CompTIA Review Guide 4th edition.
upvoted 1 times
Dion79
3 years, 10 months ago
"Which of the following would be the BEST combination to reduce the risks discovered?" Good possibility it's provided answer.. IDFK... BS... If I get it on exam I'll go with provided answer.
upvoted 1 times
Dion79
3 years, 10 months ago
If you configure password policy according to Answer C, even if password list is found on a dumpsite again, the 30% of clients that didn't change passwords would be forced to change their passwords, resulting in a much lower % of password reuse or not changing password. Regardless if password list is found on some website dump, you have a strong password policy according to C. So, afsc2, it's not that D is a terrible answer, but probably not the answer they are looking for.
upvoted 1 times
...
...
...
steven1
4 years, 7 months ago
D. also mentions encryption, which is a must.
upvoted 2 times
choboanon
4 years, 6 months ago
Passwords are hashed, not encrypted
upvoted 1 times
...
...
afsc2
4 years, 7 months ago
Nothing in the question indicates Microsoft (GPO) is being used. Passwords are best hashed, not encrypted. D is a terrible answer.
upvoted 1 times
...
...