CompTIA CySA+ (CS0-003) — Question 110
A high volume of failed RDP authentication attempts was logged on a critical server within a one-hour period. All of the attempts originated from the same remote IP address and made use of a single valid domain user account. Which of the following would be the most effective mitigating control to reduce the rate of success of this brute-force attack?
Answer options
- A. Enabling a user account lockout after a limited number of failed attempts
- B. Installing a third-party remote access tool and disabling RDP on all devices
- C. Implementing a firewall block for the remote system's IP address
- D. Increasing the verbosity of log-on event auditing on all devices
Correct answer: A
Explanation
The correct answer is A because enabling a user account lockout after a certain number of failed attempts effectively prevents further login attempts against that user account, thus mitigating the brute-force attack. Options B and C could help, but they are not as directly effective as locking the account in response to failures. Option D would improve logging but does not directly stop the attack.