CompTIA Security+ (SY0-501) — Question 275

Which of the following is a compensating control that will BEST reduce the risk of weak passwords?

Answer options

• A. Requiring the use of one-time tokens
• B. Increasing password history retention count
• C. Disabling user accounts after exceeding maximum attempts
• D. Setting expiration of user passwords to a shorter time

Correct answer: A

Explanation

Requiring the use of one-time tokens adds an additional layer of security that can effectively counteract the risks posed by weak passwords, making it the best choice. Increasing password history retention or setting shorter expiration times might improve password management but do not directly address the weaknesses of the passwords themselves. Disabling accounts after failed attempts can prevent unauthorized access but does not enhance the strength of the passwords in use.