nerdexam
EC-Council

312-50V9 · Question #589

What hacking attack is challenge/response authentication used to prevent?

The correct answer is A. Replay attacks. Challenge/response authentication prevents replay attacks by ensuring each authentication exchange uses a unique, server-generated nonce that cannot be reused.

Session Hijacking

Question

What hacking attack is challenge/response authentication used to prevent?

Options

  • AReplay attacks
  • BScanning attacks
  • CSession hijacking attacks
  • DPassword cracking attacks

How the community answered

(38 responses)
  • A
    95% (36)
  • B
    3% (1)
  • D
    3% (1)

Why each option

Challenge/response authentication prevents replay attacks by ensuring each authentication exchange uses a unique, server-generated nonce that cannot be reused.

AReplay attacksCorrect

In a challenge/response scheme, the server sends a random nonce (the challenge) to the client, who computes a response by combining the nonce with their credentials via a hash or cryptographic function. Because each challenge is unique and single-use, an attacker who captures a valid authentication exchange cannot resubmit the same response to gain access - the server will issue a different challenge, making the captured response worthless.

BScanning attacks

Scanning attacks involve network reconnaissance such as port scanning; they are not an authentication-layer threat that challenge/response is designed to mitigate.

CSession hijacking attacks

Session hijacking targets an already-established authenticated session by stealing session tokens, which occurs after authentication completes - challenge/response protects the authentication phase itself, not the subsequent session.

DPassword cracking attacks

Password cracking involves offline brute-force or dictionary attacks against captured password hashes; while challenge/response avoids transmitting the plaintext password, its primary design goal is preventing replay, not stopping offline cracking attempts.

Concept tested: Challenge/response authentication preventing replay attacks

Source: https://learn.microsoft.com/en-us/windows/win32/secauthn/microsoft-ntlm

Topics

#challenge-response#replay attacks#authentication#session security

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice