ExamTopics Logo
Mail Us[email protected]
Menu
Iia Discussions
exam questions

Exam IIA-CIA-Part3 All Questions

View all questions & answers for the IIA-CIA-Part3 exam
Go to Exam

Exam IIA-CIA-Part3 topic 1 question 89 discussion

Actual exam question from IIA's IIA-CIA-Part3
Question #: 89
Topic #: 1
[All IIA-CIA-Part3 Questions]

Which of the following application software features is the least effective control to protect passwords?

  • A. Suspension of user IDs after a user's repeated attempts to sign on with an invalid password.
  • B. Encryption of passwords prior to their transmission or storage.
  • C. Forced change of passwords after a designated number of days.
  • D. Automatic logoff of inactive users after a specified time period of inactivity.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by dedfef at Dec. 8, 2020, 7:08 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SiweBalala
1 week, 4 days ago
Selected Answer: C
I would rule out Option D because it deals specifically with session security. In this particular context, I would then say Option D is cropped out of the picture, leaving option A to option C. Why C? Password changes can sometimes lead to weak password practices, hence being the least effective as much as it helps in preventing password compromise, but encryption and suspension of USER ID would be what I consider better controls than (C)
upvoted 1 times
...
emtofid
1 month ago
Selected Answer: D
D is the least effective control for protecting passwords specifically, as its primary purpose is to secure active sessions rather than safeguarding the passwords themselves.
upvoted 1 times
...
Domiii
1 year ago
Selected Answer: B
The correct answer is B. Encryption of passwords prior to their transmission or storage. This option is the least effective control to protect passwords. While encryption is important for securing passwords, it only protects against unauthorized access to the stored or transmitted password. Other options provide additional layers of protection, such as suspending user IDs after repeated invalid password attempts, forcing password changes, and automatic logoff of inactive users
upvoted 1 times
...
Crazyhydra
1 year, 3 months ago
D is the correct answer, it does not protect the password.
upvoted 1 times
...
sed999
3 years, 1 month ago
The correct answer is B , according to GTAG
upvoted 1 times
...
Steve8Taiwan
3 years, 2 months ago
I think D should be the answer.
upvoted 1 times
...
Walewweeeed
3 years, 3 months ago
I think b is correct regarding GTAG of auditing identity and access management
upvoted 2 times
...
dedfef
4 years, 1 month ago
the answer doesnt make sense. How is the forced changing of passwords a weak control?
upvoted 2 times
AKKR
4 years, 1 month ago
It does not protect from stealing password, but only from using stolen one.
upvoted 4 times
Tico
3 years, 5 months ago
"D. Automatic logoff" also doesn't protect from stealing passwords, either. Is there any other reasonable explanation to choose C as an answer?
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago