Which of the following is the best way to reduce brute-force attacks that allow intruders to uncover users’ passwords?

A.
Increase the clipping level.

B.
Lock out an account for a certain amount of time after the clipping level is reached.

C.
After a threshold of failed login attempts is met, the administrator must physically lock out the account.

D.
Choose a weaker algorithm that encrypts the password file.

Explanation:
B: A brute-force attack is an attack that continually tries different inputs to achieve a predefined goal, which can then be used to obtain credentials for
unauthorized access. A brute-force attack to uncover passwords means that the intruder is attempting all possible sequences of characters to uncover the correct
password. If the account would be disabled (or locked out) after this type of attack attempt took place, this would prove to be a good countermeasure.
+ A is incorrect because clipping levels should be implemented to establish a baseline of user activity and acceptable errors. An entity attempting to log in to an
account should be locked out once the clipping level is met. A higher clipping level gives an attacker more attempts between alerts or lockout. Decreasing the
clipping level would be a good countermeasure.
+ C is incorrect because it is not practical to have an administrator physically lock out accounts. This type of activity can easily be taken care of through
automated software mechanisms. Accounts should be automatically locked out for a certain amount of time after a threshold of failed login attempts has been met.
+ D is incorrect because using a weaker algorithm that encrypts passwords and/or password files would increase the likelihood of success of a brute-force attack.