nerdexam
EC-Council

312-50V9 · Question #568

In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Rip

The correct answer is C. Hybrid. A hybrid attack combines dictionary words with brute-force character variations - such as appending numbers or symbols - to crack passwords that neither method alone would efficiently break.

System Hacking

Question

In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration. If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?

Options

  • AFull Blown
  • BThorough
  • CHybrid
  • DBruteDics

How the community answered

(19 responses)
  • B
    5% (1)
  • C
    89% (17)
  • D
    5% (1)

Why each option

A hybrid attack combines dictionary words with brute-force character variations - such as appending numbers or symbols - to crack passwords that neither method alone would efficiently break.

AFull Blown

'Full Blown' is not a recognized or defined term in password-cracking methodology or security literature.

BThorough

'Thorough' is a generic descriptive adjective and does not name any established password attack technique.

CHybridCorrect

A hybrid attack uses dictionary words as a base and then applies brute-force mutations such as appending digits, substituting characters (e.g., 'a' to '@'), or adding common suffixes to each candidate. This strategy combines the efficiency of dictionary-based guessing with the exhaustiveness of brute force, making it effective against predictable patterns like 'Password1' that survive pure dictionary attacks but are too structured to require full random brute force.

DBruteDics

'BruteDics' is a fabricated term that does not appear in any security framework, certification body, or cracking tool documentation.

Concept tested: Hybrid password attack combining dictionary and brute force

Source: https://owasp.org/www-community/attacks/Credential_stuffing

Topics

#hybrid attack#dictionary attack#brute force#password cracking

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice