6.6.8 Practice Questions Security Pro
You are using a password attack that tests every possible keystroke for every single key in a password until the correct one is found. Which of the following technical password attacks are you using?
Brute force attack
Which of the following password attacks uses preconfigured matrices of hashed dictionary words?
Rainbow table attack
Carl receives a phone call from a woman who states she is calling from his bank. She tells him that someone has tried to access his checking account, and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password. Which of the following types of non-technical password attack has occurred?
Social engineering
Which of the following BEST describes shoulder surfing?
Someone nearby watching you enter your password on your computer and recording it.
An organization notices an external actor trying to gain access to the company network. The attacker is not targeting a specific account but rather using the same password across a vast range of usernames in hopes that one might be correct. What type of attack BEST describes this scenario?
Spraying
You want to check a server for user accounts that have weak passwords. Which tool should you use?
John the Ripper
A hacker successfully exfiltrates a database of user passwords and attempts to gain access to it, since the hacker can now go around the authentication system. What type of attack has the hacker achieved?
Offline
Which of the following techniques involves adding random bits of data to a password before it is stored as a hash?
Password salting
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?
Dumpster diving
Which social engineering technique involves the attacker interacting with the user to trick them into revealing their username and password?
User manipulation