An engineer is configuring a guest password policy and needs to ensure that the password complexity requirements are set to mitigate brute force attacks.
Which two requirements should be included in this policy? (Choose two.)
A. active username limit
B. password expiration period
C. access code control
D. username expiration date
E. minimum password length