CompTIA Security+ (SY0-501) — Question 944
A security administrator returning from a short vacation receives an account lock-out message when attempting to log into the computer. After getting the account unlocked, the security administrator immediately notices a large number of email alerts pertaining to several different user accounts being locked out during the past three days. The security administrator uses system logs to determine that the lock-outs were due to a brute force attack on all accounts that have previously logged into that machine.
Which of the following can be implemented to reduce the likelihood of this attack going undetected?
Answer options
- A. Password complexity rules
- B. Continuous monitoring
- C. User access reviews
- D. Account lockout policies
Correct answer: B
Explanation
Implementing continuous monitoring allows for real-time detection of suspicious activities, such as brute force attacks, making it more likely to catch these incidents early. While password complexity rules, user access reviews, and account lockout policies are important security measures, they do not provide the immediate visibility into account lockout events that continuous monitoring does.