Which of the following can be used by a security administrator to successfully recover a user’s forgotten
password on a password protected file?
A.
Cognitive password
B.
Password sniffing
C.
Brute force
D.
Social engineering
Explanation:
One way to recover a user’s forgotten password on a password protected file is to guess it. A brute force
attack is an automated attempt to open the file by using many different passwords.
A brute force attack is a trial-and-error method used to obtain information such as a user password or
personal identification number (PIN). In a brute force attack, automated software is used to generate a
large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used
by criminals to crack encrypted data, or by security analysts to test an organization’s network security.
A brute force attack may also be referred to as brute force cracking.
For example, a form of brute force attack known as a dictionary attack might try all the words in a
dictionary. Other forms of brute force attack might try commonly-used passwords or combinations of
letters and numbers.
An attack of this nature can be time- and resource-consuming. Hence the name “brute force attack;”
success is usually based on computing power and the number of combinations tried rather than an
ingenious algorithm.
Incorrect Answers:A: A cognitive password is a form of knowledge-based authentication that requires a user to answer a
question to verify their identity. To open the password protected file, we need the password that was
used to protect the file.
B: Password sniffing is the process of capturing a password as it is transmitted over a network. As no one
knows what the password for the protected file is, it won’t be transmitted over a network.
D: Social engineering is a non-technical method of intrusion hackers use that relies heavily on human
interaction and often involves tricking people into breaking normal security procedures.
A social engineer runs what used to be called a “con game.” For example, a person using social
engineering to break into a computer network might try to gain the confidence of an authorized user and
get them to reveal information that compromises the network’s security. Social engineers often rely on
the natural helpfulness of people as well as on their weaknesses. They might, for example, call the
authorized employee with some kind of urgent problem that requires immediate network access.
Appealing to vanity, appealing to authority, appealing to greed, and old-fashioned eavesdropping are
other typical social engineering techniques. As no one knows what the password for the protected file is,
we can’t use social engineering to reveal the password.http://www.techopedia.com/definition/18091/brute-force-attack
http://searchsecurity.techtarget.com/definition/social-engineering
Not sure what type of administrators Security+ is aiming at.
It would have been much easier to take ownership of the folder/file:
According to M$, in order to take ownership, one must do as follows
To take ownership of a folder, follow these steps:
1. Right-click the folder that you want to take ownership of, and then click Properties.
2. Click the Security tab, and then click OK on the Security message (if one appears).
3. Click Advanced, and then click the Owner tab.
4. In the Name list, click your user name, or click Administrator if you are logged in as Administrator, or click the Administrators group. If you want to take ownership of the contents of that folder, select the Replace owner on sub containers and objects check box.
5. Click OK, and then click yes when you receive the following message:
You do not have permission to read the contents of directory folder name. Do you want to replace the directory permissions with permissions granting you Full Control?
All permissions will be replaced if you press yes.
Note folder name is the name of the folder that you want to take ownership of.
6. Click OK, and then reapply the permissions and security settings that you want for the folder and its contents.
0
0