CompTIA Exam Questions

Which of the following would BEST deter an attacker trying to brute force 4-digit PIN numbers to access
an account at a bank teller machine?

A. Account expiration settings

B. Complexity of PIN

C. Account lockout settings

D. PIN history requirements

Explanation:
Account lockout settings determine the number of failed login attempts before the account gets locked
and how long the account will be locked out for. For example, an account can be configured to lock if
three incorrect passwords (or in this case PINs) are entered. The account can then be configured to
automatically unlock after a period of time or stay locked until someone manually unlocks it.

Incorrect Answers:
A: Account expiration settings determine when an account will expire. This is usually a time or date. An
account configured with an expiration date will not prevent an attacker trying to brute force a PIN as the
attacker could make as many attempts as he wants until the time or date of the account expiration.
B: Complexity of PIN: Password complexity determines what a password should include. For example, you
could require a password to contain uppercase and lowercase letters and numbers.
The question states that access is gained by using a 4-digit PIN number. The “complexity” of the PIN is 4
numbers. There’s not much you can do to make a 4-digit PIN more complex other than require that no
numbers are repeated. You could only change the length of the PIN to make it more difficult to guess. PIN
complexity will not prevent an attacker trying to brute force a PIN.
D: PIN history requirements are used when people change their PINs. PIN history requirements could
state that you cannot use any of your five previously used PINs. PIN history will not prevent an attacker
trying to brute force a PIN.

https://technet.microsoft.com/en-us/library/cc757692%28v=ws.10%29.aspx