
CISSP Question #851: Real Exam Question with Answer & Explanation

The correct answer is B: use complex passphrases. A dictionary attack attempts to guess passwords using lists of common words and phrases. Using complex passphrases significantly increases the search space, making such attacks computationally infeasible.

Submitted by marco_it · Mar 5, 2026 · Identity and Access Management

Question

The BEST method to mitigate the risk of a dictionary attack on a system is to

Options

  • A. use a hardware token.
  • B. use complex passphrases.
  • C. implement password history.
  • D. encrypt the access control list (ACL).

Explanation

A dictionary attack attempts to guess passwords using lists of common words and phrases. Using complex passphrases significantly increases the search space, making such attacks computationally infeasible.

Common mistakes.

  • A. A hardware token provides multi-factor authentication and reduces the impact of a compromised password, but it does not directly mitigate the dictionary attack against the password itself.
  • C. Password history prevents reuse of old passwords but does nothing to stop an attacker from attempting dictionary-based guesses against a current, potentially weak password.
  • D. Encrypting the ACL protects access control entries from unauthorized viewing or tampering but has no effect on preventing brute-force or dictionary-based password guessing attempts.

Concept tested. Mitigating dictionary attacks with strong passphrases

Reference. https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad

Topics

#password security #dictionary attack #passphrase #authentication
