Chapter 22

From a practical standpoint, how many times should password entry be allowed before locking the account?

3 times

Which password length gives the greatest password strength?

8 Characters

What is the recommended time frame to change passwords that balances password security with user convenience?

90 Days

Which correctly defines password policy?

A set of rules designed to enhance computer security by requiring users to employ and maintain strong passwords

Which represents the strongest password policy provisions?

Construction, reuse, duration, protection, consequences

List three types of password attacks?

Dictionary, brute-force, hybrid, and birthday attacks are methods used to discover passwords.

Which implements the strongest domain password policy?

Enforce password history, maximum password age, minimum password age, minimum password length

List three important user account factors to mitigate account risks.

Factors used to mitigate risk associated with user accounts include password complexity, account lockout, account disablement, shared accounts, and generic account prohibitions.

Why should passwords not be written down?

If an attacker gains physical access to a work area, it is easier to find a password.

Which provides valuable information during investigations of intrusions?

Number of failed login attempts

Match the password policy issue with the attack it mitigates:

Password length - Brute-force attacks Password file access - Birthday attack Password complexity - Dictionary attack

Your boss has asked you to prepare for the executive staff meeting a one-slide presentation that outlines the five components of a good password policy. List the five points you'd put on that slide.

The five key components of a password policy are password construction, reuse restrictions, duration, protection of passwords, and consequences.

What is the password dilemma?

The more difficult we make it for attackers to guess our passwords, and the more frequently we force password changes, the more difficult the passwords are for users to remember and the more likely they are to write them down.

Your coworker tells you that he's devised a great way to remember his password. He started with a really strong password, and now he just changes the last two characters each time a password change is required. What is the weakness of what your friend is doing?

While your coworker's password is still strong, it really isn't changing significantly. If his account were compromised, it could be dived that he is just incrementally changing the password by only two characters.