nerdexam
(ISC)2

CISSP · Question #138

Multi-Factor Authentication (MFA) is necessary in many systems given common types of password attacks. Which of the following is a correct list of password attacks?

The correct answer is B. Brute force, dictionary, phishing, keylogger. This question tests knowledge of common password attack techniques that MFA is designed to mitigate. Brute force, dictionary, phishing, and keyloggers are all recognized methods used to compromise passwords.

Submitted by kwame.gh· Mar 5, 2026Identity and Access Management

Question

Multi-Factor Authentication (MFA) is necessary in many systems given common types of password attacks. Which of the following is a correct list of password attacks?

Options

  • AMasquerading, salami, malware, polymorphism
  • BBrute force, dictionary, phishing, keylogger
  • CZeus, netbus, rabbit, turtle
  • DToken, biometrics, IDS, DLP

How the community answered

(45 responses)
  • A
    2% (1)
  • B
    93% (42)
  • D
    4% (2)

Why each option

This question tests knowledge of common password attack techniques that MFA is designed to mitigate. Brute force, dictionary, phishing, and keyloggers are all recognized methods used to compromise passwords.

AMasquerading, salami, malware, polymorphism

Masquerading is an identity spoofing attack, salami is a financial fraud technique involving small incremental theft, and polymorphism is a malware evasion technique - none of these are classified as password attacks.

BBrute force, dictionary, phishing, keyloggerCorrect

Brute force attacks systematically try all possible password combinations, dictionary attacks use lists of common words/passwords, phishing tricks users into revealing credentials via deceptive communications, and keyloggers capture keystrokes to steal passwords as they are typed. All four are well-established, distinct password attack vectors that MFA directly addresses by requiring a second factor even if the password is compromised.

CZeus, netbus, rabbit, turtle

Zeus is a banking trojan malware family, NetBus is a remote access trojan, and 'rabbit' and 'turtle' are not recognized standard password attack techniques, making this list incorrect.

DToken, biometrics, IDS, DLP

Token, biometrics, IDS (Intrusion Detection System), and DLP (Data Loss Prevention) are all security controls and defensive technologies, not password attack methods.

Concept tested: Common password attack types and MFA relevance

Source: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks

Topics

#password attacks#brute force#dictionary attack#phishing#keylogger

Community Discussion

No community discussion yet for this question.

Full CISSP Practice