6.6.8
You are using a password attack that tests every possible keystroke for every single key in a password until the correct one is found. Which of the following technical password attacks are you using? Options: Keylogger; Brute force attack; Pass-the-hash attack; Password sniffing
Brute force attack
Which of the following password attacks uses preconfigured matrices of hashed dictionary words? Options: Hybrid attack; Brute-force attack; Rainbow table attack; Dictionary attack
Rainbow table attack
Carl receives a phone call from a woman who states she is calling from his bank. She tells him that someone has tried to access his checking account, and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password. Which of the following types of non-technical password attack has occurred? Options: Password guessing; Shoulder surfing; Social engineering; Dumpster diving
Social engineering
Which of the following BEST describes shoulder surfing? Options: Finding someone's password in the trash can and using it to access their account; Giving someone you trust your username and account password; Someone nearby watching you enter your password on your computer and recording it; Guessing someone's password because it is so common or simple.
Someone nearby watching you enter your password on your computer and recording it.
An organization notices an external actor trying to gain access to the company network. The attacker is not targeting a specific account but rather using the same password across a vast range of usernames in hopes that one might be correct. What type of attack BEST describes this scenario? Options: Dictionary; Spraying; Rainbow table; Brute force
Spraying
You want to check a server for user accounts that have weak passwords. Which tool should you use? Options: Retina; OVAL; John the Ripper; Nessus
John the Ripper
A hacker successfully exfiltrates a database of user passwords and attempts to gain access to it, since the hacker can now go around the authentication system. What type of attack has the hacker achieved? Options: Dictionary; Offline; Password spraying; Brute force
Offline
Which of the following techniques involves adding random bits of data to a password before it is stored as a hash? Options: Password salting; Keylogging; Pass-the-hash attack; Password sniffing
Password salting
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled? Options: Password guessing; Social engineering; Shoulder surfing; Dumpster diving
Dumpster diving
Which social engineering technique involves the attacker interacting with the user to trick them into revealing their username and password? Options: Dumpster diving; Physical access; Password guessing; User manipulation
User manipulation