1. How many failed logons were detected?
2. What was the date/time shown at the top of the IIS log file you captured at the end
of Part 2 of the lab?
3. What options are available to prevent brute force authentication attacks in a
Windows-based domain?
4. What is an insider attack?
5. If the attacks for this lab were coming from an internal IP, would you allow the
attack to continue to investigate further or stop the attack?
6. With the information provided in this lab, what steps would you take to prevent a
reoccurrence of an external attack?
7. What is a best practice to deter insiders from even thinking about executing an
attack?