nerdexam
(ISC)2

CISSP · Question #851

The BEST method to mitigate the risk of a dictionary attack on a system is to

The correct answer is B. use complex passphrases.. A dictionary attack attempts to guess passwords using lists of common words and phrases. Using complex passphrases significantly increases the search space, making such attacks computationally infeasible.

Submitted by marco_it· Mar 5, 2026Identity and Access Management

Question

The BEST method to mitigate the risk of a dictionary attack on a system is to

Options

  • Ause a hardware token.
  • Buse complex passphrases.
  • Cimplement password history.
  • Dencrypt the access control list (ACL).

How the community answered

(68 responses)
  • A
    7% (5)
  • B
    87% (59)
  • C
    3% (2)
  • D
    3% (2)

Why each option

A dictionary attack attempts to guess passwords using lists of common words and phrases. Using complex passphrases significantly increases the search space, making such attacks computationally infeasible.

Ause a hardware token.

A hardware token provides multi-factor authentication and reduces the impact of a compromised password, but it does not directly mitigate the dictionary attack against the password itself.

Buse complex passphrases.Correct

Complex passphrases combine length, randomness, and character variety, which exponentially increases the number of possible combinations an attacker must try, rendering dictionary-based wordlists ineffective. Unlike simple passwords, passphrases that are long and non-dictionary-based cannot be cracked by iterating through known word lists. This directly neutralizes the mechanism of a dictionary attack at its core.

Cimplement password history.

Password history prevents reuse of old passwords but does nothing to stop an attacker from attempting dictionary-based guesses against a current, potentially weak password.

Dencrypt the access control list (ACL).

Encrypting the ACL protects access control entries from unauthorized viewing or tampering but has no effect on preventing brute-force or dictionary-based password guessing attempts.

Concept tested: Mitigating dictionary attacks with strong passphrases

Source: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad

Topics

#password security#dictionary attack#passphrase#authentication

Community Discussion

No community discussion yet for this question.

Full CISSP Practice