nerdexam
EC-Council

312-50V10 · Question #661

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is

The correct answer is A. Hardware, Software, and Sniffing.. Retrieving passwords from hosts and servers encompasses three distinct techniques - hardware keyloggers, software keyloggers, and network sniffing - making all three the most complete answer.

System Hacking

Question

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers. Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

Options

  • AHardware, Software, and Sniffing.
  • BHardware and Software Keyloggers.
  • CPasswords are always best obtained using Hardware key loggers.
  • DSoftware only, they are the most effective.

How the community answered

(27 responses)
  • A
    93% (25)
  • C
    4% (1)
  • D
    4% (1)

Why each option

Retrieving passwords from hosts and servers encompasses three distinct techniques - hardware keyloggers, software keyloggers, and network sniffing - making all three the most complete answer.

AHardware, Software, and Sniffing.Correct

Hardware keyloggers physically intercept keystrokes between the keyboard and computer. Software keyloggers capture keystrokes at the OS or application layer. Network sniffing captures credentials transmitted in cleartext protocols such as Telnet, FTP, or basic HTTP - together these three methods cover the full attack surface for password retrieval across both local and network vectors.

BHardware and Software Keyloggers.

Hardware and software keyloggers are valid but this answer omits network sniffing, which is a significant and commonly exploited method for capturing credentials in transit.

CPasswords are always best obtained using Hardware key loggers.

Hardware keyloggers require physical access and are therefore not always the most practical method; software keyloggers and sniffing are often more scalable and easier to deploy remotely.

DSoftware only, they are the most effective.

Software-only methods miss hardware keyloggers and network sniffing, both of which are widely documented and effective password-retrieval techniques in real-world assessments.

Concept tested: Password retrieval methods - hardware, software, and sniffing

Source: https://owasp.org/www-community/attacks/Credential_stuffing

Topics

#password cracking#keyloggers#sniffing#password assessment

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice