Guest Password Policy Requirements

BE.

The two requirements that should be included in the guest password policy to mitigate brute force attacks are:

1. Password expiration period: Passwords should be set to expire after a certain period of time to ensure that they are regularly changed. This helps to prevent attackers from gaining access to the guest network by guessing or cracking passwords that may have been in use for an extended period of time. By expiring passwords, even if an attacker has managed to obtain the password, they will only have access for a limited period of time.

2. Minimum password length: Passwords should be set to a minimum length to ensure that they are not easily guessable or cracked by attackers using brute force methods. The longer the password, the more difficult it is for attackers to guess or crack it. A minimum password length of at least 8 characters is recommended, with longer passwords being even more secure. Additionally, password complexity requirements such as the use of upper and lowercase letters, numbers, and special characters can also be enforced to further increase password security.

The other options listed are not directly related to password complexity requirements or mitigating brute force attacks:

A. Active username limit: This is not a requirement for password complexity or brute force attack mitigation, but rather a limit on the number of active guest accounts that can be in use at any given time.

C. Access code control: This is a feature that allows administrators to control access to specific resources or areas within the guest network, but it is not related to password complexity or brute force attack mitigation.

D. Username expiration date: This is not a requirement for password complexity or brute force attack mitigation, but rather a limit on the amount of time that a guest username can be active before it is automatically disabled.

Therefore, the correct answers are B (password expiration period) and E (minimum password length).