A security analyst is reviewing authentication logs and observes a high volume of failed login attempts originating from a single IP address. The attempts are distributed across hundreds of different user accounts, with only one or two password attempts per account before moving to the next. Which of the following security controls is specifically designed to frustrate this type of attack?
The scenario described is a classic password spraying attack: a few common passwords are tried against many accounts, rather than many passwords against one account. An account lockout policy is a direct countermeasure that is specifically designed to mitigate such attacks. By locking an account after a small number of failed login attempts (e.g., 3-5), it prevents the attacker from trying even a few common passwords against many accounts without triggering lockouts; the lockouts disrupt the attack and alert security personnel. Multi-factor authentication (MFA) is an excellent control that prevents access even with a compromised password, but it does not stop the password-guessing attempts themselves. A password complexity policy makes passwords harder to guess but does not stop the spraying activity. Geofencing is effective only if the attack originates from an untrusted geographical location, so it would not stop a domestic or internal attack.
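As an added illustration (example code, not part of the original question or explanation), the following Python script shows what the analyst's observation looks like as detection logic and how an account lockout policy behaves when replayed over the same events. The log format, the IP addresses, the account names and the thresholds are all constructed for this example; a real SIEM would normalise its own vendor format into the same per-source aggregation.

```python
import re
from collections import defaultdict

# Constructed sample authentication log (hypothetical format; not from any real system).
# One line per attempt: "<timestamp> <RESULT> user=<account> src=<ip>"
# 203.0.113.7 touches six accounts with one or two guesses each (the spray pattern from
# the question); 198.51.100.20 hammers a single account (classic brute force).
SAMPLE_LOG = """\
2024-05-01T08:00:01 FAIL user=alice src=203.0.113.7
2024-05-01T08:00:02 FAIL user=bob src=203.0.113.7
2024-05-01T08:00:03 FAIL user=carol src=203.0.113.7
2024-05-01T08:00:04 FAIL user=dave src=203.0.113.7
2024-05-01T08:00:05 FAIL user=erin src=203.0.113.7
2024-05-01T08:00:06 FAIL user=alice src=203.0.113.7
2024-05-01T08:00:07 FAIL user=frank src=203.0.113.7
2024-05-01T08:00:08 OK   user=grace src=198.51.100.20
2024-05-01T08:00:09 FAIL user=bob src=198.51.100.20
2024-05-01T08:00:10 FAIL user=bob src=198.51.100.20
2024-05-01T08:00:11 FAIL user=bob src=198.51.100.20
2024-05-01T08:00:12 FAIL user=bob src=198.51.100.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<result>OK|FAIL)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$"
)


def parse_auth_log(text):
    """Parse the constructed log format into a list of event dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def profile_sources(events):
    """Per source IP: total failures, distinct accounts tried, and max/avg failures per account."""
    failures = defaultdict(lambda: defaultdict(int))  # src -> user -> failed attempts
    for ev in events:
        if ev["result"] == "FAIL":
            failures[ev["src"]][ev["user"]] += 1
    profiles = {}
    for src, per_user in failures.items():
        counts = list(per_user.values())
        profiles[src] = {
            "failures": sum(counts),
            "accounts": len(counts),
            "max_per_account": max(counts),
            "avg_per_account": sum(counts) / len(counts),
        }
    return profiles


def classify_sources(events, min_accounts=5, max_avg_per_account=2.0, brute_threshold=3):
    """Label each source IP as 'password-spray' (many accounts, one or two guesses each),
    'brute-force' (many guesses on one account) or 'normal'. Thresholds are illustrative."""
    labels = {}
    for src, p in profile_sources(events).items():
        if p["accounts"] >= min_accounts and p["avg_per_account"] <= max_avg_per_account:
            labels[src] = "password-spray"
        elif p["max_per_account"] >= brute_threshold:
            labels[src] = "brute-force"
        else:
            labels[src] = "normal"
    return labels


def simulate_lockout(events, threshold=3):
    """Replay the events under an account lockout policy.

    The failure counter is kept per account (not per source), as a real policy would be.
    Returns (locked_accounts, rejected_attempts): accounts whose counter reached
    `threshold`, and how many later attempts against locked accounts were refused
    before any password was evaluated."""
    counter = defaultdict(int)
    locked = set()
    rejected = 0
    for ev in events:
        user = ev["user"]
        if user in locked:
            rejected += 1          # refused outright; the guess is never checked
            continue
        if ev["result"] == "FAIL":
            counter[user] += 1
            if counter[user] >= threshold:
                locked.add(user)   # lockout event: this is what alerts the SOC
        else:
            counter[user] = 0      # a successful login resets the counter
    return locked, rejected


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_LOG)
    print(classify_sources(evs))
    print(simulate_lockout(evs, threshold=3))
```

Two things the explanation above leaves implicit are visible here: the spray is recognisable only when failures are aggregated per source IP (per-account counters alone see one or two failures each), and the lockout threshold bounds how many guesses any single account can absorb, so lowering it from 3 to 2 in `simulate_lockout` makes the sprayed account `alice` lock as well and produces the lockout events that surface the activity.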