CompTIA Security+ (SY0-501) — Question 381
A network administrator is brute forcing accounts through a web interface. Which of the following would provide the BEST defense from an account password being discovered?
Answer options
- A. Password history
- B. Account lockout
- C. Account expiration
- D. Password complexity
Correct answer: B
Explanation
The best defense against brute-force attacks is account lockout, which temporarily disables an account after a certain number of failed login attempts. This significantly limits the attacker's ability to guess passwords. Other options, such as password history and password complexity, contribute to security but do not stop brute forcing as directly or as effectively as account lockout.