220-1102 Practice Question: A company's current password policy requires a…
This 220-1102 practice question tests your understanding of a company's current password policy requires a…. Match the stated requirement to the specific cloud service, access model, or configuration option — many options are valid in isolation but not for this scenario. A key principle to apply: passphrases prioritize length over character complexity for security. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
A company's current password policy requires a minimum of 14 characters with complexity (uppercase, lowercase, numbers, and special characters). Users frequently forget these complex passwords and submit help desk reset requests. Which alternative approach would BEST enhance security while reducing the burden on users?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
Best answer
Allow users to use passphrases instead of complex passwords
Passphrases leverage length over complexity and are easier to remember, often providing stronger security against brute-force attacks than shorter, complex passwords.
Distractor review
Reduce the minimum password length to 8 characters to make passwords easier to type
Reducing length significantly decreases resistance to brute-force cracking, making it a security downgrade despite easing user memory.
Distractor review
Enforce password expiration every 30 days
Frequent password changes often lead users to create weak, incremental passwords (e.g., 'May2024!', 'Jun2024!') and increase reset calls, without proportional security benefit.
Distractor review
Implement single sign-on with smart cards and PINs
Smart card authentication is strong but requires purchasing readers, distribution, and management; it may reduce password burden but does not directly address the password complexity issue and adds cost.
Common exam trap
Common exam trap: answer the scenario, not the keyword
Candidates might be tempted by smart cards (Option D) for strong security, overlooking the question's focus on an *alternative password policy*.
Technical deep dive
How to think about this question
Allowing users to employ passphrases instead of highly complex, shorter passwords directly addresses the core problem of user burden and forgotten credentials while simultaneously bolstering security. Passphrases leverage length as their primary security mechanism, often consisting of multiple common words strung together (e.g., "correct horse battery staple"). This approach makes them significantly easier for humans to remember and type accurately compared to a seemingly random string of 14 characters with strict complexity rules. From a security standpoint, a long passphrase, even if composed of common words, can be far more resistant to brute-force and dictionary attacks than a shorter, complex password because the sheer number of possible combinations increases exponentially with length. Attackers would need to guess entire word sequences rather than just individual characters and symbols.
This method directly contrasts with reducing the minimum password length to 8 characters, which would severely weaken security by making passwords much easier to crack, despite the perceived ease for users. Similarly, enforcing frequent password expiration (e.g., every 30 days) often backfires; users tend to create predictable, incremental passwords (like appending the current month or year) or write them down, leading to a net decrease in security and an increase in help desk calls, which is precisely what the company is trying to reduce.
While implementing single sign-on with smart cards and PINs offers robust multi-factor authentication and could reduce password burden, it represents a significant infrastructure investment. It requires purchasing, distributing, and managing smart cards and readers for every user, along with the associated software and training.
The question asks for an *alternative approach* to the *password policy* that enhances security and reduces user burden, implying a solution that modifies the existing password paradigm rather than replacing it with an entirely new, costly authentication system. Passphrases provide a cost-effective and user-friendly enhancement within the existing password framework.
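The length-versus-complexity argument above, worked as an added example (not part of the original page): it compares the search space of randomly generated complex passwords with randomly chosen word passphrases, counting a passphrase at the cheaper of a character-level and a word-level guess. The 7,776-word list size, the 6-letter average word length and the guess rate are assumptions, and user-chosen secrets are weaker than these figures.

```python
import math

PRINTABLE_ASCII = 95   # alphabet for a "complex" password (upper, lower, digit, symbol)
LOWER_AND_SPACE = 27   # alphabet a character-level guess sees in a lowercase passphrase
WORDLIST_SIZE = 7776   # assumption: five-dice word list, words drawn uniformly at random


def char_bits(length, alphabet):
    """Bits of search space for `length` symbols drawn uniformly from `alphabet`."""
    return length * math.log2(alphabet)


def passphrase_bits(n_words, avg_word_len=6, wordlist=WORDLIST_SIZE):
    """Effective strength: the cheaper of character-level and word-level guessing."""
    total_chars = n_words * avg_word_len + (n_words - 1)  # words plus separators
    by_char = char_bits(total_chars, LOWER_AND_SPACE)
    by_word = n_words * math.log2(wordlist)
    return min(by_char, by_word)


def words_needed(target_bits, wordlist=WORDLIST_SIZE):
    """Smallest word count whose word-level search space reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist))


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def compare(guesses_per_second=1e10):  # assumed offline guess rate
    """Return {policy: (bits, years)} for the policies the question mentions."""
    policies = {
        "8-char complex": char_bits(8, PRINTABLE_ASCII),
        "14-char complex": char_bits(14, PRINTABLE_ASCII),
        "4-word passphrase": passphrase_bits(4),
        "6-word passphrase": passphrase_bits(6),
    }
    return {name: (round(bits, 1), years_to_exhaust(bits, guesses_per_second))
            for name, bits in policies.items()}


if __name__ == "__main__":
    for name, (bits, years) in compare().items():
        print(f"{name:18} {bits:5.1f} bits  {years:.3g} years")
    target = char_bits(14, PRINTABLE_ASCII)
    print("words to match a random 14-char complex password:", words_needed(target))
```

A passphrase policy should therefore set a minimum word count or length rather than only dropping the complexity rules.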
Key Concepts to Remember
- Passphrases prioritize length over character complexity for security.
- They are generally easier for users to remember and type accurately.
- Longer passphrases offer strong resistance against brute-force attacks.
- Passphrases can reduce help desk calls related to forgotten complex passwords.
Exam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Passphrases prioritize length over character complexity for security.
FAQ
Questions learners often ask
What does this 220-1102 question test?
Passphrases prioritize length over character complexity for security.
What is the correct answer to this question?
The correct answer is: Allow users to use passphrases instead of complex passwords — Passphrases consist of a sequence of random words or a sentence. They are much longer (thus resistant to brute-force attacks) yet easier for users to remember than a jumble of characters. Complexity requirements often lead to predictable patterns (e.g., 'Password1!'), which can be weaker than a long passphrase. Reducing password length or enforcing frequent expiration can actually weaken security or add user friction. Smart cards require additional hardware and infrastructure.
What should I do if I get this 220-1102 question wrong?
Review the principle that passphrases prioritize length over character complexity for security, then practise related 220-1102 questions on the same topic to reinforce the concept.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content.
This 220-1102 practice question is part of Courseiva's free CompTIA certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 220-1102 exam.