312-50V10 Question #676: Real Exam Question with Answer & Explanation

Question

Options

• AYou attempt every single possibility until you exhaust all possible combinations or discover the
• BYou threaten to use the rubber hose on someone unless they reveal their password
• CYou load a dictionary of words into your cracking program
• DYou create hashes of a large number of words and compare it with the encrypted passwords
• EYou wait until the password expires

Explanation

A brute force attack on passwords systematically tries every possible character combination until the correct password is found or all possibilities are exhausted.

Common mistakes.

• B. Using physical coercion or threats to obtain a password is called a rubber hose attack or coercion, which is a social engineering technique rather than a technical brute force method.
• C. Loading a list of common or known words into a cracking program is a dictionary attack, which tests only pre-selected words rather than all possible combinations.
• D. Pre-computing hashes for a large set of words and comparing them against stored hashes describes a rainbow table attack, a time-memory tradeoff technique distinct from brute force.
• E. Waiting for a password to expire is a passive account-monitoring strategy and has no relation to any active password cracking methodology.

Concept tested. Brute force password attack definition vs. other attack types

Reference. https://csrc.nist.gov/glossary/term/brute_force_password_attack

No community discussion yet for this question.