CompTIA A+ 220-1102 Practice Question
Your company's security policy mandates the implementation of measures to defend against password-guessing attacks on user accounts. As part of strengthening the defense, which of the following would most effectively mitigate the risk of a dictionary attack?
Enforce an account lockout policy after three unsuccessful login attempts
Disable user accounts outside of business hours
Enforce a minimum password length of eight characters
Require passwords to be changed every 30 days