An IT security analyst notices multiple user accounts from the administrative department are simultaneously locked out after a series of failed login attempts. What is the MOST likely indicator of malicious activity?
Password spraying attempt
Legitimate users forgetting their passwords
A misconfiguration of account lockout policies
Routine system maintenance causing accidental lockouts
Concurrent account lockouts following a series of failed login attempts are indicative of a password attack, potentially a password spraying attempt where an attacker uses a common password against many accounts before moving on to try a different password, to avoid account lockout thresholds. Account lockouts are a common indicator of such attacks. The other options are potential indications of malicious activity, but they are not as closely related to the scenario of multiple user accounts being locked out due to failed login attempts.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.