EC-Council

312-50V10 · Question #660

312-50V10 Question #660: Real Exam Question with Answer & Explanation

The correct answer is B: Brute force. When a token performs PIN verification offline, an attacker in possession of the token can systematically try all possible PIN combinations without network-side lockout policies intervening.

System Hacking

Question

If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

Options

  • A. Birthday
  • B. Brute force
  • C. Man-in-the-middle
  • D. Smurf

Explanation

When a token performs PIN verification offline, an attacker in possession of the token can systematically try all possible PIN combinations without network-side lockout policies intervening.

Common mistakes.

  • A. A birthday attack targets hash collision probability and is used against cryptographic functions, not against guessing a numeric PIN.
  • C. A man-in-the-middle attack requires intercepting live communications between two parties; it is irrelevant when the attacker has physical possession of the token and checks offline.
  • D. A smurf attack is an ICMP-based distributed denial-of-service amplification technique and has no relationship to token PIN authentication.

Concept tested. Offline PIN brute force against hardware tokens

Reference. https://csrc.nist.gov/publications/detail/sp/800-63b/final

Topics

#token authentication · #PIN brute force · #offline attack · #multi-factor authentication
