Q: 2
Which of the following policies would be BEST to deter a brute-force login attack?
Options
Discussion
D. Had something like this in a mock and account lockout threshold was flagged as the key control. It directly blocks repeated failed logins, which is exactly how brute-force works. Password complexity helps but doesn't actually stop the attempts.
Not convinced it's A. D actually prevents brute-force by locking the account, while complexity just makes guessing harder but doesn't block attempts.
D imo, official study guide and practice test both mention lockout policies as effective against brute-force.
Makes sense to pick D for this. Lockout threshold actually blocks the brute-force after a set number of tries.
I don’t think it’s A. D is way better here since account lockout actually halts brute-force attacks as soon as the threshold is hit. The others help password strength but don't actively stop attack attempts. Pretty sure on this.
A, seen a similar question on practice and complexity always gets flagged as a must-have.
It's A
Wouldn’t account lockout be a problem if users get locked out during legit failed attempts? Still, D is correct unless the environment can’t handle potential user lockouts.
D lockout threshold is what actually blocks brute-force. Password complexity just slows it, not stops it outright.
Don't think it’s A. D is more direct against brute-force since lockout stops repeated logins, but password complexity is a trap here.