CompTIA Security+ (SY0-601) — Question 722

Multiple business accounts were compromised a few days after a public website had its credentials database leaked on the Internet. No business emails were identified in the breach, but the security team thinks that the list of passwords exposed was later used to compromise business accounts. Which of the following would mitigate the issue?

Answer options

• A. Complexity requirements
• B. Password history
• C. Acceptable use policy
• D. Shared accounts

Correct answer: B

Explanation

The correct answer is B, Password history, as it prevents users from reusing previous passwords, thereby reducing the risk of compromised passwords being utilized again. Options A, C, and D do not specifically address the reuse of compromised passwords; complexity requirements may improve password strength, acceptable use policies govern general behavior, and shared accounts can increase vulnerability rather than mitigate it.