Free CompTIA PenTest+ PT0-002 Practice Question
During a penetration test for ABC Corp, you identified that the password policy allows users to set extremely common passwords and does not enforce password complexity. As part of your report to the company's management, which of the following recommendations would be MOST appropriate to address this vulnerability?
Implement an account expiration policy that forces users to re-register every 90 days.
Encourage the use of biometric authentication for all users to replace passwords.
Enforce password complexity requirements within the organization's password policy.
Increase the frequency of security monitoring to catch potential breaches.
Advise the company to eliminate passwords entirely in favor of a physical token-based system.
Limit the number of login attempts to three before locking out the user account.
