SY0-301 · Question #250
A hacker has discovered a simple way to disrupt business for the day in a small company which relies on staff working remotely. In a matter of minutes the hacker was able to deny remotely working staf
The correct answer is B. Account lockout. The hacker is exploiting the Account Lockout policy. This security feature is designed to prevent brute-force password attacks by automatically locking an account after a defined number of consecutive failed login attempts. The attacker's script deliberately submits incorrect cre
Question
A hacker has discovered a simple way to disrupt business for the day in a small company which relies on staff working remotely. In a matter of minutes the hacker was able to deny remotely working staff access to company systems with a script. Which of the following security controls is the hacker exploiting?
Options
- ADoS
- BAccount lockout
- CPassword recovery
- DPassword complexity
How the community answered
(26 responses)- A12% (3)
- B77% (20)
- C8% (2)
- D4% (1)
Explanation
The hacker is exploiting the Account Lockout policy. This security feature is designed to prevent brute-force password attacks by automatically locking an account after a defined number of consecutive failed login attempts. The attacker's script deliberately submits incorrect credentials for employee accounts, intentionally triggering the lockout threshold for each account. Once accounts are locked, legitimate remote workers cannot authenticate - effectively denying them access without the attacker ever needing the correct passwords. This turns a defensive security control into a weapon for disruption. While the end result resembles a DoS (A), DoS refers to flooding a service with traffic to make it unavailable - the underlying mechanism here is account lockout abuse. Password Recovery (C) and Password Complexity (D) are other account security controls but are not what is being exploited in this scenario.
Topics
Community Discussion
No community discussion yet for this question.