An IT security analyst notices multiple user accounts from the administrative department are simultaneously locked out after a series of failed login attempts. What is the MOST likely indicator of malicious activity?
A misconfiguration of account lockout policies
Password spraying attempt
Routine system maintenance causing accidental lockouts
Concurrent account lockouts following a series of failed login attempts are indicative of a password attack, potentially a password spraying attempt where an attacker uses a common password against many accounts before moving on to try a different password, to avoid account lockout thresholds. Account lockouts are a common indicator of such attacks. The other options are potential indications of malicious activity, but they are not as closely related to the scenario of multiple user accounts being locked out due to failed login attempts.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is password spraying?
Open an interactive chat with Bash
How does account lockout policy prevent attacks?
Open an interactive chat with Bash
Why might multiple simultaneous user account lockouts indicate malicious activity?