CompTIA Security+ (SY0-601) — Question 842

A security policy states that common words should not be used as passwords. A security auditor was able to perform a dictionary attack against corporate credentials. Which of the following controls was being violated?

Answer options

• A. Password complexity
• B. Password history
• C. Password reuse
• D. Password length

Correct answer: A

Explanation

The correct answer is A, as the policy against using common words directly relates to password complexity requirements. Options B, C, and D do not address the specific issue of using easily guessable passwords, which is the focus of the violation in this scenario.