What is the minimum lockout duration after a user is locked out?


Multiple Choice

What is the minimum lockout duration after a user is locked out?

Explanation:

Locking an account after failed login attempts is a security control to slow down brute-force or credential-stuffing attacks. Setting a minimum lockout duration protects users and systems by preventing rapid repeated guesses, while still allowing legitimate access to be restored when appropriate.

The best choice states a minimum of 30 minutes, or until an administrator unlocks the user ID. This captures two important ideas: first, the user must wait at least 30 minutes before trying again, which reduces the window for automated guessing; second, an administrator can unlock the account if the user is legitimate and needs access sooner. The other options either propose shorter or longer durations than the required minimum, which doesn’t meet the specified policy, and they don’t include the admin unlock option that legitimately handles approved access restoration.
