[&] What is the purpose of implementing account lockouts in web applications?
- To confuse unauthorized users
- To encourage frequent password changes
- To limit failed login attempts and prevent brute force attacks
- To make the website faster

[&] Which of the following is a sign of a strong password policy in web applications?
- Allowing users to repeat passwords
- Disabling account lockouts
- Use of minimum length and mixed character requirements
- Suggesting easy passwords to users

[&] Why is it important for error messages to be generic immediately following a failed login attempt?
- To avoid giving clues to attackers about user accounts
- To reassure users that their data is secure
- To boost user experience by limiting information
- To comply with international data laws

[&] What distinguishes a brute force attack from a dictionary attack?
- Brute force relies on outdated software, dictionary uses network attacks
- Brute force uses all combinations, while dictionary uses common passwords
- Brute force uses social data, dictionary uses email lists
- Brute force is faster than dictionary attacks

[&] What is the primary goal of testing for a weak password policy in web applications?
- To ensure the application doesn't allow weak passwords
- To verify the application's user interface design
- To check if the application loads quickly
- To analyze the application's source code for bugs

[&] What is a dictionary attack?
- An attack where predefined common passwords are used
- An attack using social engineering techniques
- An attack targeting the network hardware
- An attack where every possible combination is tried