Certificate of Cloud Auditing Knowledge (CCAK) — Question 90

Which objective is MOST appropriate to measure the effectiveness of password policy?

Answer options

• A. The number of related incidents increases.
• B. Attempts to log with weak credentials increases.
• C. Newly created account credentials satisfy requirements.
• D. The number of related incidents decreases.

Correct answer: D

Explanation

The correct answer is D because a decrease in related incidents indicates that the password policy is successfully preventing security breaches. In contrast, options A and B suggest a rise in incidents or weak credential attempts, which would imply the policy is ineffective. Option C, while relevant, does not directly measure the overall effectiveness in reducing incidents.