nerdexam
EC-Council

312-50V11 · Question #538

The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106: What is most likely taking place?

The correct answer is B. Remote service brute force attempt. The output shows repeated connection attempts to a specific service on 192.168.1.106, which is characteristic of a brute force attack trying multiple credentials.

System Hacking

Question

The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106:

What is most likely taking place?

Exhibit

312-50V11 question #538 exhibit

Options

  • APing sweep of the 192.168.1.106 network
  • BRemote service brute force attempt
  • CPort scan of 192.168.1.106
  • DDenial of service attack on 192.168.1.106

How the community answered

(44 responses)
  • A
    7% (3)
  • B
    70% (31)
  • C
    5% (2)
  • D
    18% (8)

Why each option

The output shows repeated connection attempts to a specific service on 192.168.1.106, which is characteristic of a brute force attack trying multiple credentials.

APing sweep of the 192.168.1.106 network

A ping sweep targets a range of IP addresses across a subnet to discover live hosts, not a single IP address repeatedly.

BRemote service brute force attemptCorrect

A remote service brute force attempt involves systematically trying many username/password combinations against a specific service such as SSH, RDP, or FTP on a target host. The output targeting a single IP with repeated access attempts to one port is the signature pattern of credential brute forcing tools like Hydra or Medusa. This differs from scanning because the attacker is already focused on a known open port and is attempting to authenticate.

CPort scan of 192.168.1.106

A port scan probes many different ports on a target to enumerate open services, not repeatedly hitting a single service.

DDenial of service attack on 192.168.1.106

A denial of service attack floods a target with traffic to exhaust resources, which would not produce the credential-attempt output pattern shown.

Concept tested: Remote service brute force attack recognition

Source: https://owasp.org/www-community/attacks/Brute_force_attack

Topics

#brute force#remote service attack#password cracking#penetration testing

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice