An organization is looking to improve its defenses against attackers attempting to guess passwords in order to breach user accounts. Which of the following is the BEST mitigation strategy to protect against such an attack?
Implement an account lockout mechanism after three unsuccessful login attempts.
Encrypt all data stored on user devices.
Add challenge-response questions to the login process.
Require passwords to meet stronger complexity requirements, including a mix of uppercase, lowercase, numbers, and special characters.
Deploy an intrusion detection system to monitor network traffic for suspicious behavior.
Implement a Virtual Private Network (VPN) for remote access to the network.
Account lockout mechanisms are an effective mitigation against online brute force attacks because they cap the number of failed login attempts before the account is temporarily disabled. With a limit of three failures, an attacker who must guess through a large password space is stopped after three tries per lockout window instead of being able to submit thousands of guesses per minute, which defeats the attack directly at the point where the guessing happens. The practical caveat is that a lockout is itself a denial-of-service lever (an attacker who knows a username can lock the legitimate user out), so production deployments pair it with a lockout duration rather than a permanent lock, rate limiting by source address, and monitoring of lockout events.
Implementing stronger password complexity requirements, while beneficial to overall security, does not directly mitigate the risk of a brute force attack: complexity enlarges the search space, but an attacker with unlimited attempts can still work through it, and password-spraying attacks use common passwords that already satisfy typical complexity rules. Intrusion detection systems, encryption, and VPNs are security measures that protect against other types of attacks and do not specifically address the issue of preventing password guessing (an IDS may raise an alert on a flood of failed logins, but it does not stop the attempts). Challenge-response questions add an additional authentication step but are themselves susceptible to guessing if attempts against them are not limited.
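The lockout behaviour described above, as an added example that is not part of the original page: a small authenticator that counts failed logins per account, locks the account for a fixed window after the third failure, refuses even the correct password while locked (which is the denial-of-service side effect noted above), and resets the counter on success or when the window expires. The user store, salt, password and the injectable clock are assumptions constructed for the example; PBKDF2 and a constant-time comparison are used for the credential check so the example does not teach a weaker pattern on the way.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass

# Constructed example user store: username -> (salt, PBKDF2-HMAC-SHA256 of password).
# In a real system the salt is per-user and random; one fixed salt keeps the example short.
_SALT = b"example-salt-16b"


def _hash(salt: bytes, password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {"alice": (_SALT, _hash(_SALT, "correct horse battery staple"))}
# Hash compared against for unknown usernames so that a missing account costs the
# same time as a wrong password (avoids trivial username enumeration by timing).
_DUMMY_HASH = _hash(_SALT, "not-a-real-password")


@dataclass
class AccountState:
    failures: int = 0          # consecutive failed attempts in the current window
    locked_until: float = 0.0  # clock value at which the lock expires; 0.0 = not locked


class LockoutAuthenticator:
    """Login check with account lockout after `max_failures` consecutive failures."""

    def __init__(self, users, max_failures=3, lockout_seconds=900, clock=time.monotonic):
        self.users = users
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock  # injectable so tests can advance time deterministically
        self._state: dict[str, AccountState] = {}

    def _verify(self, username: str, password: str) -> bool:
        salt, stored = self.users.get(username, (_SALT, _DUMMY_HASH))
        candidate = _hash(salt, password)
        # compare_digest runs in constant time; the membership check keeps unknown
        # users failing even if someone guessed the dummy password.
        return hmac.compare_digest(candidate, stored) and username in self.users

    def is_locked(self, username: str) -> bool:
        st = self._state.get(username)
        return bool(st) and st.locked_until > self.clock()

    def login(self, username: str, password: str) -> str:
        """Return "ok", "bad_credentials" or "locked"."""
        now = self.clock()
        st = self._state.setdefault(username, AccountState())
        if st.locked_until > now:
            # Locked: do not evaluate the password at all, so the attacker gains
            # nothing from continuing to submit guesses during the window.
            return "locked"
        if st.locked_until:
            # Lock has expired: start a fresh window.
            st.failures, st.locked_until = 0, 0.0
        if self._verify(username, password):
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= self.max_failures:
            st.locked_until = now + self.lockout_seconds
            return "locked"
        return "bad_credentials"


def simulate_guessing(auth: LockoutAuthenticator, username: str, guesses) -> list:
    """Feed a list of guesses to the authenticator and return the outcome of each."""
    return [auth.login(username, g) for g in guesses]


if __name__ == "__main__":
    auth = LockoutAuthenticator(USERS)
    # Constructed wordlist: the real password is the 5th entry, but the account
    # locks on the 3rd failure, so the attacker never reaches it.
    print(simulate_guessing(auth, "alice", ["123456", "password", "qwerty",
                                            "letmein", "correct horse battery staple"]))
```

The outcome list makes the mitigation visible: the two guesses after the lock return "locked" without the password ever being checked, including the one that happens to be correct. Raising `max_failures` or shortening `lockout_seconds` trades guessing resistance for less exposure to the denial-of-service side effect.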