CompTIA CySA+ (CS0-001) — Question 105
A business-critical application is unable to support the requirements in the current password policy because it does not allow the use of special characters.
Management does not want to accept the risk of a possible security incident due to weak password standards. Which of the following is an appropriate means to limit the risks related to the application?
Answer options
- A. A compensating control
- B. Altering the password policy
- C. Creating new account management procedures
- D. Encrypting authentication traffic
Correct answer: D
Explanation
Encrypting authentication traffic ensures that even if weak passwords are used, the data transmitted during authentication is protected from interception. The other options either do not address the underlying issue effectively or could introduce additional risks; altering the password policy, for example, might compromise security further.