CompTIA CySA+ (CS0-001) — Question 158

The help desk has reported that users are reusing previous passwords when prompted to change them. Which of the following would be the MOST appropriate control for the security analyst to configure to prevent password reuse? (Choose two.)

Answer options

• A. Implement mandatory access control on all workstations.
• B. Implement role-based access control within directory services.
• C. Deploy Group Policy Objects to domain resources.
• D. Implement scripts to automate the configuration of PAM on Linux hosts.
• E. Deploy a single-sing-on solution for both Windows and Linux hosts.

Correct answer: C

Explanation

Implementing Group Policy Objects (GPOs) is the most effective way to enforce password policies, including preventing password reuse. The other options do not specifically address password management or reuse control and focus more on access control mechanisms rather than password policy enforcement.