While reviewing log files, a security analyst uncovers a brute-force attack that is being performed against an external webmail portal. Which of the following would be best to prevent this type of attack from being successful?
A. Create a new rule in the IDS that triggers an alert on repeated login attempts.
B. Implement MFA on the email portal using out-of-band code delivery.
C. Alter the lockout policy to ensure users are permanently locked out after five attempts.
D. Leverage password filters to prevent weak passwords on employee accounts from being exploited.
E. Configure a WAF with brute-force protection rules in block mode.
Greetings my fellow aspiring CySA+ personnel! Although the current highest vote is marked as C, you should notice that C indicates that it will lock the person out of the account PERMANENTLY after 5 failed attempts. What if I wanted to lock the CEO out of his email account? All I would have to do is fail to log in to his account 5 times and boom I'm locked out, but he is also locked out. See the problem that could arise here? All a person would have to do to lock everyone out of their accounts would be to spam the enter key 5 times and the account is permanently locked. Just use MFA. That way whether they know the password or not is irrelevant. That would need the out-of-band PIN or pass to log in as well.
Answer? B
I would go with C. If you get to the MFA part you know that the username and password are correct, so you can still get valuable info out of your attempt to brute force.
Out-of-band passcodes can be delivered in a variety of ways to mobile devices: Push notifications – Push notifications deliver an authentication code or OTP (one-time passcode) through a notification that appears on the lock screen of a customer's mobile device.
So I will go with B.
C and D are wrong because they are blocking the victim.
Go with E. To prevent a brute-force attack on an external webmail portal, configuring a WAF with brute-force protection rules in block mode would be the most effective measure.
Out-of-band code delivery means, for example, a notification on a smartphone? If yes, I concur with the answer.
@NerAlert read the answer carefully. They are locking them PERMANENTLY. The lockout should be temporary.
I have not seen out-of-band yet in my materials, why not just lock them out?
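The trade-off argued in this thread, as an added example that is not part of the original page or of any commenter's post: a small Python model comparing permanent lockout (option C) with a temporary lockout, behind a password plus out-of-band code check (option B). The class and function names, the 15-minute window, the password and the code value are assumptions constructed for illustration.

```python
import hmac

MAX_FAILURES = 5        # threshold named in option C
LOCKOUT_SECONDS = 900   # assumed 15-minute window for the temporary policy
PASSWORD, CODE = "correct horse", "482913"   # constructed sample values

class LoginGate:
    """Hypothetical password + out-of-band code check with a lockout policy."""
    def __init__(self, password, permanent_lockout):
        self.password = password
        self.permanent = permanent_lockout
        self.failures = 0
        self.locked_at = None   # time the account was locked, or None

    def _locked(self, now):
        if self.locked_at is None:
            return False
        if self.permanent:
            return True         # only an administrator reset would clear this
        if now - self.locked_at >= LOCKOUT_SECONDS:
            self.locked_at, self.failures = None, 0   # window expired
            return False
        return True

    def login(self, password, oob_code, expected_code, now):
        """Return 'ok', 'denied' or 'locked'; `now` is seconds, passed in."""
        if self._locked(now):
            return "locked"
        pw_ok = hmac.compare_digest(password.encode(), self.password.encode())
        code_ok = oob_code is not None and hmac.compare_digest(
            oob_code.encode(), expected_code.encode())
        if pw_ok and code_ok:
            self.failures = 0
            return "ok"
        self.failures += 1      # same 'denied' for a bad password or a bad code
        if self.failures >= MAX_FAILURES:
            self.locked_at = now
        return "denied"

def simulate(permanent):
    """Five bad guesses at t=0..4, then the real user returns an hour later."""
    gate = LoginGate(PASSWORD, permanent)
    for t in range(MAX_FAILURES):
        gate.login("guess%d" % t, None, CODE, now=t)
    return gate.login(PASSWORD, CODE, CODE, now=3600)

def password_only_guess():
    """Someone who has the right password but not the out-of-band code."""
    gate = LoginGate(PASSWORD, permanent_lockout=False)
    return gate.login(PASSWORD, None, CODE, now=0)
```

With the permanent policy the account owner is still locked out an hour after the guessing stops; with the temporary policy the same owner logs in, and a correct password without the out-of-band code is denied either way.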
Community vote distribution: A (35%), C (25%), B (20%), Other