Weekly CISSP Exam Questions
What should be implemented to mitigate the risk of password brute-force attacks?
A. Password rotation
B. Password complexity
C. Account lockout
D. Multi-factor authentication
Answer: C
Explanation:
Account lockout: This mechanism locks an account for a predefined period after a set number of unsuccessful login attempts. It directly mitigates a brute-force attack: each lockout throttles the rate at which an attacker can try guesses, so the time needed to exhaust the password space grows sharply, and repeated lockouts can alert administrators to the activity.
Here's a breakdown of the other options:
Password rotation: While changing passwords frequently can reduce the window of opportunity for an attacker, it does not specifically defend against a brute-force attack where an attacker is trying multiple passwords in quick succession.
Password complexity: Complex passwords make it harder for an attacker to guess the password but do not prevent them from attempting to do so repeatedly.
Multi-factor authentication (MFA): Although MFA significantly improves account security and could effectively mitigate the risk of a brute-force attack, it might not be as directly targeted to the brute-force attack scenario as the account lockout mechanism. MFA often involves additional infrastructure and user training.
Therefore, to specifically mitigate the risk of password brute-force attacks, account lockout is the most directly relevant measure.
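To make the mechanism in the explanation concrete, here is an added example (not from the original question or its author) of a time-bounded account lockout policy: a per-account failure counter, a lockout that starts once the counter reaches a threshold, automatic unlock when the predefined period expires, a counter reset on success, and an alert hook for administrators. The `LockoutPolicy` class, the threshold of 3 attempts, the 15-minute period and the user name `alice` are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class AccountState:
    """Per-account bookkeeping kept by the lockout policy."""
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None


class LockoutPolicy:
    """Hypothetical account lockout: lock for a predefined period after a
    threshold of consecutive failed logins (the control described above)."""

    def __init__(self, threshold: int = 5,
                 lockout: timedelta = timedelta(minutes=15),
                 alert: Optional[Callable[[str, datetime], None]] = None):
        self.threshold = threshold
        self.lockout = lockout
        # Called when an account is locked so administrators can be notified.
        self.alert = alert or (lambda user, now: None)
        self._state: Dict[str, AccountState] = {}

    def is_locked(self, user: str, now: datetime) -> bool:
        st = self._state.get(user)
        if st is None or st.locked_until is None:
            return False
        if now >= st.locked_until:
            # Lockout period has expired: unlock and reset the counter.
            st.locked_until = None
            st.failed_attempts = 0
            return False
        return True

    def attempt(self, user: str, password_ok: bool, now: datetime) -> str:
        """Record one login attempt; returns 'locked', 'success' or 'failure'.

        The password is not even evaluated while the account is locked, so a
        correct guess made during the lockout window is rejected too.
        """
        if self.is_locked(user, now):
            return "locked"
        st = self._state.setdefault(user, AccountState())
        if password_ok:
            st.failed_attempts = 0
            return "success"
        st.failed_attempts += 1
        if st.failed_attempts >= self.threshold:
            st.locked_until = now + self.lockout
            self.alert(user, now)
        return "failure"


def simulate_guess_burst() -> Tuple[List[str], List[str]]:
    """Constructed scenario: three rapid wrong guesses against 'alice',
    then the correct password during and after the lockout window."""
    alerts: List[str] = []
    policy = LockoutPolicy(threshold=3, lockout=timedelta(minutes=15),
                           alert=lambda user, now: alerts.append(user))
    t0 = datetime(2024, 1, 1, 12, 0, 0)  # constructed timestamp
    outcomes = []
    for i in range(3):  # wrong guesses one second apart
        outcomes.append(policy.attempt("alice", False, t0 + timedelta(seconds=i)))
    # Correct password while still locked is rejected.
    outcomes.append(policy.attempt("alice", True, t0 + timedelta(seconds=3)))
    # After the period expires the account unlocks and the login succeeds.
    outcomes.append(policy.attempt("alice", True, t0 + timedelta(minutes=16)))
    return outcomes, alerts


if __name__ == "__main__":
    print(simulate_guess_burst())
```

Because the lockout is time-bounded rather than permanent, the side effect the control is known for (a flood of wrong guesses denying the legitimate user access) is limited to the configured period, while the alert hook gives administrators the visibility the explanation mentions.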

Podcasts
Check out my weekly podcasts that delve deep into the relevant topics related to each of the CISSP domains. In addition, I will go over specific questions and how they can be interpreted and answered.

CISSP Cyber Training Academy
Tired of not knowing how to study for the CISSP Exam?
Check out the CISSP Cyber Training Academy to help you on your journey!

CISSP Cyber Training - YouTube
Check out my video collection on YouTube discussing all the details needed to help you pass the CISSP exam.