A hacker has discovered a simple way to disrupt business for the day in a small company which relies on
staff working remotely. In a matter of minutes the hacker was able to deny remotely working staff access
to company systems with a script. Which of the following security controls is the hacker exploiting?

A.
DoS

B.
Account lockout

C.
Password recovery

D.
Password complexity

Explanation:
B: Account lockout automatically disables an account due to repeated failed log on attempts. The hacker
must have executed a script to repeatedly try logging on to the remote accounts, forcing the account
lockout policy to activate.
Incorrect Answers:
A: Denial of service (DoS) is a form of attack whose principal objective is preventing the victimized system
from performing valid actions or responding to valid traffic.
C: The users did not forget their passwords, they were locked out. Furthermore, most times users would
be required to change their passwords instead of recovering them as it is not a secure solution.
D: since the hacker did not gain access to the system, password complexity would not be exploited as it
forms part of the company’s password policy.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 2913-293