Which two characteristics must passwords meet according to 8.2.1?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the PCI Approved Scanning Vendor (ASV) Test. Study with flashcards, multiple choice questions, hints, and explanations. Get exam ready!

Multiple Choice

Which two characteristics must passwords meet according to 8.2.1?

Explanation:
Passwords must be long enough and include a mix of character types to resist guessing. For 8.2.1, this means a minimum length of seven characters and the inclusion of numeric characters along with alphabetic characters. The longer length expands the password space, making brute-force attempts far harder, while adding numbers increases complexity beyond purely alphabetical passwords. Together, these two requirements create a stronger baseline than either one alone. If a password only met the length requirement but used only letters, it would still be susceptible to dictionary or pattern-based attacks. If a password met the character-mix requirement but was shorter than seven, it wouldn’t provide sufficient protection against guessing. A rule that demands uppercase and lowercase only would omit numeric complexity and, depending on length, might still be weaker than the combined approach.

Passwords must be long enough and include a mix of character types to resist guessing. For 8.2.1, this means a minimum length of seven characters and the inclusion of numeric characters along with alphabetic characters. The longer length expands the password space, making brute-force attempts far harder, while adding numbers increases complexity beyond purely alphabetical passwords. Together, these two requirements create a stronger baseline than either one alone.

If a password only met the length requirement but used only letters, it would still be susceptible to dictionary or pattern-based attacks. If a password met the character-mix requirement but was shorter than seven, it wouldn’t provide sufficient protection against guessing. A rule that demands uppercase and lowercase only would omit numeric complexity and, depending on length, might still be weaker than the combined approach.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy