Exam CS0-003 topic 1 question 386 discussion

Your first layer of protection against dictionary attacks would be password complexity. Second layer would be multifactor authentication.

Lockout policies are specifically created to counter dictionary attacks. It locks the account for a certain amount of time after so many failed attempts, which would make it extremely time consuming and impractical for the attacker to target. MFA and complex passwords are also good measures but they wouldn't directly address the constant bombardment of login attempts. A WAF might be of assistance as well but it's questionable since most brute force attacks come in the form of legitimate login attempts

B would not mitigate the issue only A

I'm saying B. The questions states there are indicators of dictionary attacks. To best protect against dictionary attacks would be Password complexity.

The best option to mitigate dictionary attacks is: D. Lockout policy ✅

The answer is D and here's why: even if you implemented complex passwords it could be leaked on the dark web, therefore it's not B. and its not A because MFA can be bypassed.

I agree with speed I think the answer is A because even if they guess the password they would need another form of authentication to login to the account.

They're definitely looking for password complexity here with the key term dictionary attack. Dictionary attacks thrive off of weak passwords.

its A, since the attacker would also need the other factor. Password complexity wouldn't fix the issue since its a dictionary attack. when you use complicated passwords people start to use the waterfall password, or other simple methods. Lockout policy would be good but the attacker could get lucky and still gain access within the lockout limit. MFA is the best solution compared to all the other options above.