nerdexam
EC-Council

312-50V11 · Question #661

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is

The correct answer is A. Hardware, Software, and Sniffing.. Password retrieval during a security assessment can be accomplished through hardware keyloggers, software keyloggers, and network sniffing - all three are valid and commonly used techniques.

System Hacking

Question

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers. Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

Options

  • AHardware, Software, and Sniffing.
  • BHardware and Software Keyloggers.
  • CPasswords are always best obtained using Hardware key loggers.
  • DSoftware only, they are the most effective.

How the community answered

(26 responses)
  • A
    88% (23)
  • B
    4% (1)
  • C
    4% (1)
  • D
    4% (1)

Why each option

Password retrieval during a security assessment can be accomplished through hardware keyloggers, software keyloggers, and network sniffing - all three are valid and commonly used techniques.

AHardware, Software, and Sniffing.Correct

All three methods are legitimate password retrieval techniques in a penetration testing context. Hardware keyloggers are physical devices intercepting keystrokes between keyboard and system, software keyloggers capture input at the OS or application level, and network sniffing captures credentials transmitted over the wire - particularly effective against cleartext or weakly-encrypted protocols such as FTP, Telnet, and HTTP. A thorough assessment leverages all three vectors.

BHardware and Software Keyloggers.

Hardware and software keyloggers alone omit network sniffing, which is a distinct and independently effective technique for capturing credentials in transit across the network.

CPasswords are always best obtained using Hardware key loggers.

Hardware keyloggers are not always the best method - they require physical access to the target machine, making them impractical in many remote or large-scale assessment scenarios.

DSoftware only, they are the most effective.

Software keyloggers alone are insufficient as a complete methodology; hardware keyloggers and network sniffing cover attack vectors that software keyloggers cannot address.

Concept tested: Password retrieval methods in penetration testing

Source: https://owasp.org/www-project-testing-guide/

Topics

#password cracking#keyloggers#sniffing#password assessment

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice