A security analyst received an after-hours alert indicating that a large number of accounts with the suffix "admin" were locked out. The accounts were all locked out after five unsuccessful login attempts, and no other accounts on the network triggered the same alert.
Which of the following is the BEST explanation for these alerts?
A . The standard naming convention makes administrator accounts easy to identify and they were targeted for an attack.
B . The administrator accounts do not have rigid password complexity rules, and this made them easier to crack.
C . The company has implemented time-of-day restrictions, and this triggered a false positive alert when the administrators tried to log in.
D . The threshold for locking out administrator accounts is too high, and it should be changed from five to three to prevent unauthorized access attempts.
Answer: A
Leave a Reply