SY0-501 Question #272: Real Exam Question with Answer & Explanation
The correct answer is A: Account lockout. When user accounts are compromised and generating spam with malicious code, account lockout policies can automatically disable those accounts after suspicious activity, stopping the attack at the authentication layer.
Question
Joe notices there are several user accounts on the local network generating spam with embedded malicious code. Which of the following technical controls should Joe put in place to BEST reduce these incidents?
Options
- A. Account lockout
- B. Group Based Privileges
- C. Least privilege
- D. Password complexity
Explanation
When user accounts are compromised and generating spam with malicious code, account lockout policies can automatically disable those accounts after suspicious activity, stopping the attack at the authentication layer.
Common mistakes.
- B. Group Based Privileges controls what resources groups of users can access, but does not directly stop already-authenticated compromised accounts from sending spam.
- C. Least privilege limits what actions and resources a user account can access, but if the account is already compromised and has sufficient permissions to send email, it does not stop the ongoing spam activity.
- D. Password complexity helps prevent accounts from being compromised in the first place, but since the accounts are already generating spam, enforcing complexity now does not immediately stop the active incidents.
Concept tested. Account lockout policy to mitigate compromised accounts