Which policy prevents a user from choosing a new password that matches any of the last four passwords they used?

Prepare for the PCI DSS Test with detailed questions and explanations. Use flashcards and quizzes to enhance knowledge. Ensure you're ready for your certification exam!

Multiple Choice

Which policy prevents a user from choosing a new password that matches any of the last four passwords they used?

Explanation:
The main idea is password history enforcement. This policy keeps a record of the user’s recently used passwords and blocks any new password that matches one of the last few they have used, in this case the last four. By preventing reuse of recent passwords, it makes it harder for an attacker who has captured or guessed an old password to gain access again, and it pushes users to create genuinely new credentials.

That’s why this choice is the best fit: it explicitly states that reusing any of the last four passwords is prohibited, which is exactly what prevents a new password from matching recent ones. The other options don’t stop reuse of recent passwords: forcing a change every 30 days changes timing but not the reuse restriction; logging changes audits activity but doesn’t prevent reuse; requiring reuse would do the opposite of strengthening security.
