PrepAway - Latest Free Exam Questions & Answers

Which of the following can be used by a security administrator to successfully recover a user’s forgotten password on a password protected file?

A. Cognitive password

B. Password sniffing

C. Brute force

D. Social engineering

Explanation:
One way to recover a user’s forgotten password on a password protected file is to guess it. A brute force attack is an automated attempt to open the file by using many different passwords.
A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization’s network security.
A brute force attack may also be referred to as brute force cracking. For example, a form of brute force attack known as a dictionary attack might try all the words in a dictionary. Other forms of brute force attack might try commonly used passwords or combinations of letters and numbers.
An attack of this nature can be time- and resource-consuming. Hence the name “brute force attack”: success is usually based on computing power and the number of combinations tried rather than an ingenious algorithm.
Incorrect Answers:
A: A cognitive password is a form of knowledge-based authentication that requires a user to answer a question to verify their identity. To open the password protected file, we need the password that was used to protect the file. Therefore, this answer is incorrect.
B: Password sniffing is the process of capturing a password as it is transmitted over a network. As no one knows what the password for the protected file is, it won’t be transmitted over a network. Therefore, this answer is incorrect.
D: Social engineering is a non-technical method of intrusion that hackers use, which relies heavily on human interaction and often involves tricking people into breaking normal security procedures. A social engineer runs what used to be called a “con game.” For example, a person using social engineering to break into a computer network might try to gain the confidence of an authorized user and get them to reveal information that compromises the network’s security. Social engineers often rely on the natural helpfulness of people as well as on their weaknesses. They might, for example, call the authorized employee with some kind of urgent problem that requires immediate network access. Appealing to vanity, appealing to authority, appealing to greed, and old-fashioned eavesdropping are other typical social engineering techniques. As no one knows what the password for the protected file is, we can’t use social engineering to reveal the password. Therefore, this answer is incorrect.

http://www.techopedia.com/definition/18091/brute-force-attack
http://searchsecurity.techtarget.com/definition/social-engineering

