Exam CAS-004
Question 131

A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines:

✑ Must have a minimum of 15 characters

✑ Must use one number

✑ Must use one capital letter

✑ Must not be one of the last 12 passwords used

Which of the following policies should be added to provide additional security?

    Correct Answer: C

    To provide additional security against brute-force attacks, implementing an account lockout policy is essential. This policy temporarily locks an account after a set number of failed login attempts, which significantly mitigates the risk of brute-force attacks by limiting the number of attempts an attacker can make in a short period. The other policies mentioned, such as password complexity, password history, time-based logins, and shared accounts, do not directly address the issue of mitigating brute-force attacks.
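The lockout behaviour described in the explanation, sketched as an added example (not part of the original question or any product's implementation). The threshold, counting window and lockout duration are assumed values, since the page does not specify any, and the account name is constructed.

```python
from collections import defaultdict, deque


class LockoutPolicy:
    """Temporary account lockout after repeated failed logins."""

    def __init__(self, threshold=5, window=900, duration=900):
        self.threshold = threshold  # failures that trigger a lockout (assumed)
        self.window = window        # seconds over which failures are counted (assumed)
        self.duration = duration    # seconds the account stays locked (assumed)
        self._failures = defaultdict(deque)  # account -> recent failure times
        self._locked_until = {}              # account -> unlock time

    def attempt(self, account, password_ok, now):
        """Record one login attempt; return 'ok', 'denied' or 'locked'."""
        if now < self._locked_until.get(account, 0):
            return "locked"  # rejected before the password is even checked
        if password_ok:
            self._failures.pop(account, None)  # success resets the counter
            return "ok"
        recent = self._failures[account]
        recent.append(now)
        while recent[0] <= now - self.window:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.threshold:
            self._locked_until[account] = now + self.duration
            recent.clear()
        return "denied"


def guesses_evaluated(policy, account, seconds):
    """Replay one wrong guess per second; count guesses that reach the password check."""
    return sum(policy.attempt(account, False, t) == "denied" for t in range(seconds))


if __name__ == "__main__":
    # Constructed scenario: one hour of continuous wrong guesses against one account.
    print(guesses_evaluated(LockoutPolicy(), "alice", 3600))
```

With these assumed values, an hour of continuous guessing gets 20 passwords evaluated instead of 3,600, and a correct password submitted while the account is locked is still refused.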

Discussion
unBREAKable_Fs4 Option: C

C - Account Lockout. By implementing an account lockout policy, you can effectively prevent brute-force attacks on an individual account.

last_resort Option: C

Account lockout can help prevent brute force. Complexity is good practice, but NIST has stated that a long password is more secure than a complex one.

23169fd Option: C

keyword: Brute force attack

BiteSize Option: C

Account Lockout prevents brute force of passwords.

Complexity already was defined - redundant answer

Password history already defined - redundant answer

Time-based logins - doesn't mitigate brute force but should be implemented

Shared accounts - doesn't mitigate brute force either

Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)