A university employee has logged on to an academic server and attempted to guess the system administrator's login credentials. Which of the following security measures should the university have implemented to detect the employee's attempts to gain access to the administrator's accounts?

While two-factor authentication (2FA) adds an extra layer of security by requiring a second form of verification besides a password, it does not inherently provide monitoring capabilities. 2FA prevents unauthorized access but does not log or analyze attempts, making it ineffective for detecting repeated guessing of login credentials.

A firewall serves to filter incoming and outgoing network traffic based on predetermined security rules. Although it is crucial for protecting network boundaries, a firewall does not log specific user actions or attempts to access individual accounts. Thus, it cannot provide the necessary insights to detect the employee's login attempts on the academic server.

An intrusion prevention system (IPS) actively monitors network traffic for suspicious activities and can block potential threats in real-time. However, while it can help in proactive defense, it may not maintain detailed records of user actions, making it less effective for post-incident analysis of access attempts compared to user activity logs.