CompTIA CySA+ (CS0-002) — Question 203
While reviewing log files, a security analyst uncovers a brute-force attack that is being performed against an external webmail portal. Which of the following would be best to prevent this type of attack from being successful?
Answer options
- A. Create a new rule in the IDS that triggers an alert on repeated login attempts.
- B. Implement MFA on the email portal using out-of-band code delivery.
- C. Alter the lockout policy to ensure users are permanently locked out after five attempts.
- D. Leverage password filters to prevent weak passwords on employee accounts from being exploited.
- E. Configure a WAF with brute-force protection rules in block mode.
Correct answer: C
Explanation
The correct answer is C because altering the lockout policy to permanently lock users out after a specified number of failed attempts will deter attackers from continuing their brute-force attempts. Options A and B improve security but do not directly prevent brute-force attacks. Option D addresses password strength but does not prevent an attack once a valid password is attempted. Option E is also effective, but it would not be the best primary measure compared with a strict lockout policy.