A security administrator returning from a short vacation receives an account lock-out message
when attempting to log into the computer. After getting the account unlocked the security
administrator immediately notices a large amount of emails alerts pertaining to several different
user accounts being locked out during the past three days. The security administrator uses system
logs to determine that the lock-outs were due to a brute force attack on all accounts that has been
previously logged into that machine. Which of the following can be implemented to reduce the
likelihood of this attack going undetected?

A.
Password complexity rules

B.
Continuous monitoring

C.
User access reviews

D.
Account lockout policies