Information Technology Specialist (ITS) Cybersecurity 2025 – 400 Free Practice Questions to Pass the Exam

The choice to limit the number of login retries is crucial for protecting Windows systems from brute force attacks. Brute force attacks involve systematically trying many combinations of passwords to gain unauthorized access. By imposing a limit on the number of allowed login attempts, the system can effectively reduce the risk of such attacks succeeding. Once the limit is reached, the account may be temporarily locked or further attempts may be slowed, making it increasingly impractical for an attacker to continue their efforts without detection.

While the other password policies mentioned, such as using complex passwords, enforcing two-factor authentication, and using password expiration, provide significant layers of security, they tackle different aspects of security management. Complex passwords help defend against guessing while two-factor authentication adds an additional verification step beyond the password itself. Password expiration ensures that credentials are updated over time to minimize the risk of long-term access with compromised passwords. However, none address the immediate risk of multiple automated attempts to crack an account, making the limitation on login retries a direct countermeasure against brute force tactics.