GCFA · Question #292

GCFA Question #292: Real Exam Question with Answer & Explanation

The correct answer is C. Brute force attack. A brute force attack cracks hashed passwords by exhaustively hashing candidate passwords and comparing them to the stored hash until a match is found.

Question

Which of the following types of attack can guess a hashed password?

Options

  • A. Denial of Service attack
  • B. Evasion attack
  • C. Brute force attack
  • D. Teardrop attack

Explanation

A brute force attack cracks hashed passwords by exhaustively hashing candidate passwords and comparing them to the stored hash until a match is found.

Common mistakes.

  • A. A Denial of Service attack floods a target system with traffic or requests to exhaust resources and make services unavailable - it has no mechanism for attempting, guessing, or recovering password values.
  • B. An evasion attack is designed to bypass or circumvent security controls such as IDS/IPS signatures and filters - it targets detection systems and does not involve password guessing or hash cracking.
  • D. A Teardrop attack exploits vulnerabilities in TCP/IP packet fragmentation reassembly to crash a target system - it is a network-layer exploitation technique with no relationship to password hashing or credential recovery.

Concept tested. Brute force attack against hashed password credentials

Reference. https://owasp.org/www-community/attacks/Brute_force_attack
