312-50V9 · Question #589
What hacking attack is challenge/response authentication used to prevent?
The correct answer is A. Replay attacks. Challenge/response authentication prevents replay attacks by ensuring each authentication exchange uses a unique, server-generated nonce that cannot be reused.
Question
What hacking attack is challenge/response authentication used to prevent?
Options
- AReplay attacks
- BScanning attacks
- CSession hijacking attacks
- DPassword cracking attacks
How the community answered
(38 responses)- A95% (36)
- B3% (1)
- D3% (1)
Why each option
Challenge/response authentication prevents replay attacks by ensuring each authentication exchange uses a unique, server-generated nonce that cannot be reused.
In a challenge/response scheme, the server sends a random nonce (the challenge) to the client, who computes a response by combining the nonce with their credentials via a hash or cryptographic function. Because each challenge is unique and single-use, an attacker who captures a valid authentication exchange cannot resubmit the same response to gain access - the server will issue a different challenge, making the captured response worthless.
Scanning attacks involve network reconnaissance such as port scanning; they are not an authentication-layer threat that challenge/response is designed to mitigate.
Session hijacking targets an already-established authenticated session by stealing session tokens, which occurs after authentication completes - challenge/response protects the authentication phase itself, not the subsequent session.
Password cracking involves offline brute-force or dictionary attacks against captured password hashes; while challenge/response avoids transmitting the plaintext password, its primary design goal is preventing replay, not stopping offline cracking attempts.
Concept tested: Challenge/response authentication preventing replay attacks
Source: https://learn.microsoft.com/en-us/windows/win32/secauthn/microsoft-ntlm
Topics
Community Discussion
No community discussion yet for this question.