A security engineer is designing a password policy for an organization's authentication system. Which of the following characteristics would provide the BEST defense against a brute force attack?
Monitoring failed login attempts in system logs
Requiring password changes every 90 days
Implementing credential lockout mechanisms with increasing delays between attempts
Enforcing password complexity requirements with minimum length and special characters
The correct answer is implementing credential lockout mechanisms with increasing delays between attempts.
Brute force attacks work by systematically trying every possible combination of characters until the correct password is found. The most effective defense against such attacks is to implement mechanisms that limit the rate at which an attacker can make authentication attempts. Credential lockout mechanisms that introduce increasing delays between successive failed login attempts significantly slow down brute force attacks, making them impractical to execute successfully.
While password complexity requirements (minimum length, special characters) do increase the potential keyspace an attacker must search, they don't prevent the attacker from making rapid consecutive attempts. Similarly, password expiration policies help against compromised credentials but don't directly prevent brute force attempts. Monitoring failed login attempts is useful for detection but is a detective rather than preventive control against brute force attacks.
ISC2 CISSP
Security Architecture and Engineering