A security analyst receives an alert that a user account has been locked out multiple times within 10 minutes. The analyst checks the account and finds it is a service account used for automated backups. What is the most likely cause?
- A
The service account's certificate has expired.
Why wrong: Certificate expiration does not cause account lockouts; it affects authentication via certificates, not password-based lockouts.
- B
A brute force attack is targeting the service account.
Why wrong: Brute force attacks typically target user accounts, not service accounts, and would generate many failed logins, not just lockouts.
- C
The account password has expired and needs to be reset.
Why wrong: Password expiry does not cause lockouts; it prevents login.
- D
The service is using cached credentials that are out of sync with the domain controller.
Why correct: Service accounts often cache credentials; if the password changes or becomes out of sync, repeated lockouts occur.