Which of the following is MOST likely the issue, and what should be done?

An organization has the following password policies:

– Passwords must be at least 16 characters long.

– Three tailed login attempts will lock the account (or live minutes.

– Passwords must have one uppercase letter, one lowercase letter, and one non-alphanumeric symbol.

A database server was recently breached, and the incident response team suspects the passwords were compromised. Users with permission on that database server were forced to change their passwords for that server. Unauthorized and suspicious logins are now being detected on the same server.

Which of the following is MOST likely the issue, and what should be done?
A . Some users have reset their account to a previously used password; implement a password history policy.
B . Service accounts are being used to log onto the server; restrict service account permissions to read/ write.
C . Single sign-on is allowing remote logins to the database server; disable single sign-on until it can be properly configured.
D . Users are logging in after working hours; implement a time-of-day restriction for the database servers.