6.5
What type of password attack involves comparing encrypted passwords against a predetermined list of possible password values?
A dictionary attack
What is a weakness of password managers?
A user must trust that the application storing the passwords is secure and cannot be cracked.
Which scenario is an example of stealing a password via a brute-force attack?
An attacker uses password-cracking software to attempt every possible alphanumeric password combination.
What is a best practice that you can use to protect your password?
Changing your password every 60 to 90 days
What can you do to prevent your account from being hacked by repeated guessing attempts?
Configure account lockout.
How can an administrator help make sure that a stolen password cannot be misused indefinitely?
Configuring a password expiration period
Which of the following is a characteristic of a strong password?
It uses a combination of uppercase, lowercase, numeric, and special characters.
What action should a system take after a user resets the password?
Log the action and inform the user via their registered email address
When you attempt to change a password, the system returns an error indicating that the new password cannot be the same as the previous five passwords. This is an example of which best practice?
Maintaining a password history
What password length is acceptable for an ordinary user account?
Nine to twelve characters
One of the most basic security rules is to use passwords that are "easy to remember but difficult to guess." Which password security measure covers this rule?
Password complexity
After one of your passwords is stolen from a hacked website, you later learn that someone has accessed your bank accounts at two different companies. What weakness allowed the attacker to access the two separate bank accounts?
Poor password management with reuse across many sites