CISA Certified Information Systems Auditor – Question1136

Which of the following controls is MOST appropriate against brute force attacks at login?

A.
Storing password files using one-way encryption
B. Locking the account after three invalid passwords
C. Storing passwords under a one-way hash function
D. Increasing the minimum password length to 10 characters

Correct Answer: B