SY0-501 Question #49: Real Exam Question with Answer & Explanation

The correct answer is B: Continuous monitoring. The security administrator discovered a brute force attack after multiple account lockouts. Implementing continuous monitoring would have detected the attack earlier, reducing its undetected duration.

Submitted by cyberguy42 · Mar 4, 2026

Question

A security administrator returning from a short vacation receives an account lock-out message when attempting to log into the computer. After getting the account unlocked, the security administrator immediately notices a large number of email alerts pertaining to several different user accounts being locked out during the past three days. The security administrator uses system logs to determine that the lock-outs were due to a brute force attack on all accounts that have previously logged into that machine. Which of the following can be implemented to reduce the likelihood of this attack going undetected?

Options

  • A. Password complexity rules
  • B. Continuous monitoring
  • C. User access reviews
  • D. Account lockout policies

Explanation

The security administrator discovered a brute force attack after multiple account lockouts. Implementing continuous monitoring would have detected the attack earlier, reducing its undetected duration.

Common mistakes.

  • A. Password complexity rules strengthen user passwords, making them harder to guess, but they do not provide mechanisms for detecting ongoing brute force attempts or alerting administrators to such attacks.
  • C. User access reviews periodically verify and adjust user permissions to ensure appropriate access, which is a control unrelated to the detection of login-based brute force attacks.
  • D. Account lockout policies automatically lock accounts after a specified number of failed login attempts, serving as a reactive mitigation measure against brute force attacks rather than a proactive detection method to alert administrators.

Concept tested. Security event detection and continuous monitoring for attacks

Reference. https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/security-monitoring
