312-50V10 · Question #157
A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the
The correct answer is D. Dictionary-attack. The student is using a predefined list of commonly used passwords to crack a PDF, which is the defining characteristic of a dictionary attack. A brute-force attack differs by trying every possible character combination rather than a curated wordlist.
Question
A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted. Which cryptography attack is the student attempting?
Options
- AMan-in-the-middle attack
- BSession hijacking
- CBrute-force attack
- DDictionary-attack
How the community answered
(45 responses)- A4% (2)
- B2% (1)
- C2% (1)
- D91% (41)
Why each option
The student is using a predefined list of commonly used passwords to crack a PDF, which is the defining characteristic of a dictionary attack. A brute-force attack differs by trying every possible character combination rather than a curated wordlist.
A man-in-the-middle attack intercepts live communication between two parties and does not involve attempting to crack a static document's encryption password.
Session hijacking involves stealing or forging an authenticated session token in a live network session, not attacking the encryption of an offline document.
A brute-force attack systematically tries every possible character combination without a predefined list, whereas using a specific wordlist of common passwords defines a dictionary attack.
A dictionary attack uses a precompiled list of likely or commonly used passwords to attempt authentication against a target. Unlike brute-force, it does not enumerate every possible combination but relies on the statistical likelihood that users choose predictable passwords. The student's explicit use of 'a list of commonly used passwords' precisely matches this definition.
Concept tested: Dictionary attack versus brute-force cryptography
Source: https://csrc.nist.gov/glossary/term/dictionary_attack
Topics
Community Discussion
No community discussion yet for this question.