Exam SY0-601 topic 1 question 82 discussion

Don't really feel like any of the answers are sufficient. Would be looking for something like MFA for this.

Password reuse is an important concern in any organization. Many users want to reuse the same password for their account over a long period of time.

B. Password history

First, antster1000 is right, but my take is this: when the questions asks "Which of the following would mitigate the issue?", isn't it suggested that means how do we prevent this from happening in the first place? In which case I would lean towards C. So... A - definitely important, but the questions suggests that passwords were compromised anyway. Same for B.

B. Password history This would keep accounts secure as past passwords, which are now public, would be useless.

Password History is the best answer. The password history policy prevents users from reusing their old passwords (because their old passwords are found in the leaked password list.)

B. Password history

Correct Answer: A. Complexity requirements, Because having stronger and more complex passwords makes it harder for attackers to use leaked passwords from other breaches to compromise accounts. If users have complex passwords that are unique to each service they use, the likelihood of a password from one service being valid on another is reduced. Other Answer: B. Password history, This ensures users don't reuse recent passwords, but it wouldn't necessarily prevent the use of passwords from an external leak if a user used the same password on multiple platforms. C. Acceptable use policy, While this sets guidelines for how IT resources can be used, it doesn't directly address the password reuse issue. D. Shared accounts, Shared accounts typically present more of a security risk rather than mitigating issues, as multiple individuals have access to the same account and it's harder to track individual actions.

Answers for the exam and answers that make since in the real world aren't always the same. Once I pass I'm memory dumping all this BS.

All of the choices are crap...not sure if this question is reflective of the real world, or has any value. They are more concerned with tricking with words rather than validating you knowledge. What clown is authoring these questions?

I don't understand these questions, i starting to understand the comments about these questions. Should mitigate the problem right now be have them all change their passwords.... history doesn't matter if there is no age? If they have the database of passwords then they are running a rainbow attack on it somewhere and going to just get more passwords if no one changes it? force a password change, add age and history...

Password history is the least bad of these bad answers.

"... was later used" is a our key statement here.

The scenario indicates business accounts have been compromised in an aftermath of a non-related security incident. Meaning the malicious actors got information from the leaked information and used the same on corporate accounts which evidently also got compromised because the end-users must have reused passwords. Hence an acceptable policy against password reuse would have mitigated the secondary incident. (logic appears sound but open to debate)

Implementing password history would be an effective measure to mitigate the issue of compromised business accounts in this scenario. Password history keeps track of previously used passwords, and users are not allowed to reuse old passwords when creating a new one. This prevents attackers from reusing leaked passwords to gain unauthorized access to business accounts, even if the leaked credentials are known to them. By enforcing password history, organizations can improve their security posture and protect against credential reuse attacks.

I think given the information we have it would be password history.

Password history: Implementing a password history policy ensures that users cannot reuse their previously used passwords. This prevents attackers from reusing compromised passwords to gain unauthorized access to business accounts. By maintaining a password history, users are forced to choose unique passwords each time they update their credentials.