Which measure should be taken to defeat a brute force attack?

Which measure should be taken to defeat a brute force attack?

• Only allow a limited number of authentication failures before an account is locked out.
• Only allow passwords to be stored in an encrypted format.
• Only use dictionary words that are greater than 10 characters.
• Only store the hashed equivalent of a password.

Explanation: Brute force attacks can be prevented by allowing a limited number of authentication failures before a specified user account is locked out. This will prevent excessive login attempts against a specific account.

Exam with this question: IoT Sec 1.1 Fundamentals: IoT Security Final Exam Answers