An organization is reviewing its security policies to better protect against unauthorized access to employee accounts. Which of the following would be the BEST mitigation strategy to prevent a brute force attack on user passwords?
Enabling account lockouts after a specified number of failed login attempts
Disabling unused accounts
Implementing strong password policies that require complex passwords
Monitoring for unauthorized access attempts on user accounts
Account lockouts are an effective mitigation strategy against brute force attacks because they prevent unlimited, rapid guessing of passwords by locking the account after a certain number of failed login attempts. This drastically reduces the attacker's ability to systematically try all possible password combinations, thus safeguarding against brute force attacks. While all other options can enhance security, they do not specifically address the prevention of brute force attacks on passwords as directly as account lockouts do. Strong password policies make it more difficult for brute force attacks to succeed but do not stop attempts. Monitoring for unauthorized access can detect an ongoing attack but may not prevent it. Disabling unused accounts helps reduce the attack surface but does not directly prevent a brute force attack on active accounts.