In which of the following attacks does an attacker use software that tries a large number of key
combinations in order to get a password?

A.
Buffer overflow

B.
Brute force attack

C.
Zero-day attack

D.
Smurf attack

Explanation:

In a brute force attack, an attacker uses software that tries a large number of key combinations in
order to get a password. To prevent such attacks, users should create passwords that are more
difficult to guess, i.e., by using a minimum of six characters, alphanumeric combinations, and
lower-upper case combinations.
Answer option D is incorrect. Smurf is an attack that generates significant computer network traffic
on a victim network. This is a type of denial-of-service attack that floods a target system via
spoofed broadcast ping messages. In such attacks, a perpetrator sends a large amount of ICMP
echo request (ping) traffic to IP broadcast addresses, all of which have a spoofed source IP
address of the intended victim. If the routing device delivering traffic to those broadcast addresses
delivers the IP broadcast to all hosts, most hosts on that IP network will take the ICMP echo

request and reply to it with an echo reply, which multiplies the traffic by the number of hosts
responding.
Answer option A is incorrect. Buffer overflow is a condition in which an application receives more
data than it is configured to accept. It helps an attacker not only to execute a malicious code on
the target system but also to install backdoors on the target system for further attacks. All buffer
overflow attacks are due to only sloppy programming or poor memory management by the
application developers. The main types of buffer overflows are:
Stack overflow
Format string overflow
Heap overflow
Integer overflow
Answer option C is incorrect. A zero-day attack, also known as zero-hour attack, is a computer
threat that tries to exploit computer application vulnerabilities which are unknown to others,
undisclosed to the software vendor, or for which no security fix is available. Zero-day exploits
(actual code that can use a security hole to carry out an attack) are used or shared by attackers
before the software vendor knows about the mvulnerability. User awareness training is the most
effective technique to mitigate such attacks.