A security administrator returning from a short vacation receives an account lock-out message when attempting to log into the computer. After getting the account
unlocked the security administrator immediately notices a large amount of emails alerts pertaining to several different user accounts being locked out during the
past three days. The security administrator uses system logs to determine that the lock-outs were due to a brute force attack on all accounts that has been
previously logged into that machine. Which of the following can be implemented to reduce the likelihood of this attack going undetected?

A.
Password complexity rules

B.
Continuous monitoring

C.
User access reviews

D.
Account lockout policies