A security administrator returning from a short vacation receives an account lock-out message when attempting
to log into the computer. After getting the account unlocked the security administrator immediately notices a
large amount of emails alerts pertaining to several different user accounts being locked out during the past
three days. The security administrator uses system logs to determine that the lock-outs were due to a brute
force attack on all accounts that has been previously logged into that machine.
Which of the following can be implemented to reduce the likelihood of this attack going undetected?
Password complexity rules
User access reviews
Account lockout policies