Security Audits

Correct Answer: Address the identified vulnerabilities and weaknesses and schedule a follow-up audit.

The correct answer is to address the identified vulnerabilities and weaknesses and schedule a follow-up audit. This ensures that the company takes corrective actions and verifies the effectiveness of those actions. Ignoring the audit results, conducting an internal audit, firing the security team, or only addressing the most critical vulnerabilities all leave the organization at risk. Shutting down the systems and halting operations is an extreme overreaction that does not address the problem.

Correct Answer: Implement account lockout policies after a defined number of failed login attempts.

The correct answer is to implement account lockout policies after a defined number of failed login attempts. This ensures that an attacker cannot continuously attempt to brute force a user's password. Disabling password requirements, allowing unlimited failed login attempts, and locking user accounts indefinitely after a single failed login attempt are poor security practices. While requiring users to change their passwords every day and implementing two-factor authentication are good security practices, they are not specific to the problem of multiple failed login attempts.

Correct Answer: Review and correct the server configuration

Reviewing and correcting the server configuration is the direct approach to address misaligned server configuration. Upgrading hardware, restricting access, changing the operating system, or involving an external consultant may not fix configuration issues and can result in additional expenses.