As a security administrator, you have implemented a new company policy to review firewall logs daily. During one review, you notice numerous login attempts from foreign IP addresses taking place outside of business hours. Based on this information, which of the following actions should be prioritized to enhance network security?
Configure account lockout thresholds to prevent brute-force attacks
Update the firmware on the firewall to the latest version
Review the latest operating-system patches for all company servers
Conduct an additional security-awareness training session focusing on foreign cyber threats
Although several measures could improve the organization's overall security posture, the activity in the logs indicates a likely brute-force or credential-stuffing attack against user accounts. Establishing appropriate account lockout thresholds restricts the number of consecutive failed authentication attempts, effectively limiting an attacker's ability to guess valid credentials. Routine tasks such as updating firewall firmware and applying operating-system patches improve resilience against known vulnerabilities but do not directly curtail the observed login attempts. Additional user security-awareness training is valuable but likewise does nothing to stop automated, external password-guessing activity. Therefore, configuring and enforcing account lockout thresholds is the most immediate and relevant mitigation.