GIAC
GCIH Question #60: Real Exam Question with Answer & Explanation
The correct answer is C: Brute force attack. Andrew's password 'Faulkner' is weak and contextually predictable, making it vulnerable to multiple password-cracking methods, but not to attacks that target service availability or exploit software memory vulnerabilities.
Vulnerability Exploitation & Privilege Escalation
Question
Andrew, a bachelor student of Faulkner University, creates a gmail account. He uses 'Faulkner' as the password for the gmail account. After a few days, he starts receiving a lot of e-mails stating that his gmail account has been hacked. He also finds that some of his important mails have been deleted by someone. Which of the following methods has the attacker used to crack Andrew's password? Each correct answer represents a complete solution. Choose all that apply.
Options
- A. Denial-of-service (DoS) attack
- B. Zero-day attack
- C. Brute force attack
- D. Social engineering
- E. Buffer-overflow attack
- F. Rainbow attack
- G. Password guessing
- H. Dictionary-based attack
Explanation
Andrew's password 'Faulkner' is weak and contextually predictable, making it vulnerable to multiple password-cracking methods, but not to attacks that target service availability or exploit software memory vulnerabilities.
Common mistakes.
- A. A Denial-of-Service attack floods or crashes a service to make it unavailable to legitimate users; it provides no mechanism for discovering or recovering a user's password.
- B. A Zero-day attack exploits an unknown, unpatched software vulnerability in an application or OS; it is a system compromise technique and not a method for cracking or guessing account passwords.
- E. A Buffer-overflow attack overwrites memory beyond an allocated buffer boundary to execute arbitrary code or crash a process; it does not extract or recover plaintext passwords from an account.
Concept tested. Password attack vectors against weak predictable passwords
Reference. https://csrc.nist.gov/glossary/term/dictionary_attack
Topics
#password cracking #dictionary attack #rainbow tables #brute force