CISSP · Question #138
Multi-Factor Authentication (MFA) is necessary in many systems given common types of password attacks. Which of the following is a correct list of password attacks?
The correct answer is B. Brute force, dictionary, phishing, keylogger. This question tests knowledge of common password attack techniques that MFA is designed to mitigate. Brute force, dictionary, phishing, and keyloggers are all recognized methods used to compromise passwords.
Question
Options
- AMasquerading, salami, malware, polymorphism
- BBrute force, dictionary, phishing, keylogger
- CZeus, netbus, rabbit, turtle
- DToken, biometrics, IDS, DLP
How the community answered
(45 responses)- A2% (1)
- B93% (42)
- D4% (2)
Why each option
This question tests knowledge of common password attack techniques that MFA is designed to mitigate. Brute force, dictionary, phishing, and keyloggers are all recognized methods used to compromise passwords.
Masquerading is an identity spoofing attack, salami is a financial fraud technique involving small incremental theft, and polymorphism is a malware evasion technique - none of these are classified as password attacks.
Brute force attacks systematically try all possible password combinations, dictionary attacks use lists of common words/passwords, phishing tricks users into revealing credentials via deceptive communications, and keyloggers capture keystrokes to steal passwords as they are typed. All four are well-established, distinct password attack vectors that MFA directly addresses by requiring a second factor even if the password is compromised.
Zeus is a banking trojan malware family, NetBus is a remote access trojan, and 'rabbit' and 'turtle' are not recognized standard password attack techniques, making this list incorrect.
Token, biometrics, IDS (Intrusion Detection System), and DLP (Data Loss Prevention) are all security controls and defensive technologies, not password attack methods.
Concept tested: Common password attack types and MFA relevance
Source: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
Topics
Community Discussion
No community discussion yet for this question.