CISSP · Question #851
The BEST method to mitigate the risk of a dictionary attack on a system is to
The correct answer is B. use complex passphrases.. A dictionary attack attempts to guess passwords using lists of common words and phrases. Using complex passphrases significantly increases the search space, making such attacks computationally infeasible.
Question
The BEST method to mitigate the risk of a dictionary attack on a system is to
Options
- Ause a hardware token.
- Buse complex passphrases.
- Cimplement password history.
- Dencrypt the access control list (ACL).
How the community answered
(68 responses)- A7% (5)
- B87% (59)
- C3% (2)
- D3% (2)
Why each option
A dictionary attack attempts to guess passwords using lists of common words and phrases. Using complex passphrases significantly increases the search space, making such attacks computationally infeasible.
A hardware token provides multi-factor authentication and reduces the impact of a compromised password, but it does not directly mitigate the dictionary attack against the password itself.
Complex passphrases combine length, randomness, and character variety, which exponentially increases the number of possible combinations an attacker must try, rendering dictionary-based wordlists ineffective. Unlike simple passwords, passphrases that are long and non-dictionary-based cannot be cracked by iterating through known word lists. This directly neutralizes the mechanism of a dictionary attack at its core.
Password history prevents reuse of old passwords but does nothing to stop an attacker from attempting dictionary-based guesses against a current, potentially weak password.
Encrypting the ACL protects access control entries from unauthorized viewing or tampering but has no effect on preventing brute-force or dictionary-based password guessing attempts.
Concept tested: Mitigating dictionary attacks with strong passphrases
Source: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad
Topics
Community Discussion
No community discussion yet for this question.