An IT security analyst notices multiple user accounts from the administrative department are simultaneously locked out after a series of failed login attempts. What is the MOST likely cause of this activity?
Password spraying attempt
Legitimate users forgetting their passwords
A misconfiguration of account lockout policies
Routine system maintenance causing accidental lockouts
Concurrent account lockouts after multiple failed login attempts are a strong indicator of a password attack. Specifically, this pattern points to a password spraying attempt. In this attack, an adversary uses a few common passwords against many user accounts. While this 'low-and-slow' method can sometimes evade single-account lockout policies, attempting it against numerous accounts simultaneously can result in widespread lockouts, as seen in the scenario. The other options are less likely; it is improbable for many users to forget passwords at the same time, and a policy misconfiguration or system maintenance would not, by themselves, generate the failed login attempts that triggered the lockouts.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is password spraying?
Open an interactive chat with Bash
How does account lockout policy prevent attacks?
Open an interactive chat with Bash
Why might multiple simultaneous user account lockouts indicate malicious activity?