CompTIA SecurityX (CAS-005) — Question 260

An organization recently implemented a policy that requires all passwords to be rotated every 90 days. An administrator sees a large volume of failed sign-on logs from multiple servers that are often accessed by users. The administrator determines users are disconnecting from the RDP session but not logging off. Which of the following should the administrator do to prevent account lockouts?

Answer options

Correct answer: C

Explanation

The correct answer is C. Automatically logging off inactive sessions ensures that users who disconnect from RDP without logging off do not leave sessions running on the servers. After a password is rotated, a session left in the disconnected state keeps trying to authenticate with the old password, which generates the failed sign-ons and eventually locks the account. Increasing the account lockout threshold (A) would not address the underlying issue of inactive sessions, while enforcing password complexity (B) and extending session length (D) do not directly resolve the failed sign-ons caused by disconnected sessions.