Certified Information Security Manager (CISM) — Question 261

Which of the following is the BEST defense against a brute force attack?

Answer options

Correct answer: A

Explanation

The correct answer, Intruder detection lockout, is effective because it temporarily locks an account after a specified number of failed login attempts, preventing further attempts by an attacker. Time-of-day restrictions, discretionary access control, and mandatory access control do not address the brute force attack vector as directly, making them less effective in this scenario.