Chapter 22
From a practical standpoint, how many times should password entry be allowed before locking the account?
3 times
Which password length gives the greatest password strength?
8 Characters
What is the recommended time frame to change passwords that balances password security with user convenience?
90 Days
Which correctly defines password policy?
A set of rules designed to enhance computer security by requiring users to employ and maintain strong passwords
Which represents the strongest password policy provisions?
Construction, reuse, duration, protection, consequences
List three types of password attacks.
Dictionary, brute-force, hybrid, and birthday attacks are methods used to discover passwords.
Which implements the strongest domain password policy?
Enforce password history, maximum password age, minimum password age, minimum password length
List three important user account factors to mitigate account risks.
Factors used to mitigate risk associated with user accounts include password complexity, account lockout, account disablement, shared accounts, and generic account prohibitions.
Why should passwords not be written down?
If an attacker gains physical access to a work area, it is easier to find a password.
Which provides valuable information during investigations of intrusions?
Number of failed login attempts
Match the password policy issue with the attack it mitigates:
Password length - Brute-force attacks
Password file access - Birthday attack
Password complexity - Dictionary attack
Your boss has asked you to prepare for the executive staff meeting a one-slide presentation that outlines the five components of a good password policy. List the five points you'd put on that slide.
The five key components of a password policy are password construction, reuse restrictions, duration, protection of passwords, and consequences.
What is the password dilemma?
The more difficult we make it for attackers to guess our passwords, and the more frequently we force password changes, the more difficult the passwords are for users to remember and the more likely they are to write them down.
Your coworker tells you that he's devised a great way to remember his password. He started with a really strong password, and now he just changes the last two characters each time a password change is required. What is the weakness of what your coworker is doing?
While your coworker's password is still strong, it really isn't changing significantly. If his account were compromised, it could be divined that he is just incrementally changing the password by only two characters.