PrepAway - Latest Free Exam Questions & Answers

What type of attack is this?

Emily is listening to network traffic and capturing passwords as they are sent to the authentication server. She plans to use the passwords as part of a future attack. What type of attack is this?

A. Brute-force attack

B. Dictionary attack

C. Social engineering attack

D. Replay attack

Explanation:
D: A replay attack occurs when an intruder obtains and stores information, and later uses it to gain unauthorized access. In this case, Emily is using a technique called electronic monitoring (sniffing) to obtain passwords being sent over the wire to an authentication server. She can later use the passwords to gain access to network resources. Even if the passwords are encrypted, the retransmission of valid credentials can be sufficient to obtain access.

A is incorrect because a brute-force attack is performed with tools that cycle through many possible character, number, and symbol combinations to uncover a password. One way to prevent a successful brute-force attack is to restrict the number of login attempts that can be performed on a system. An administrator can set operating parameters that allow a certain number of failed logon attempts to be accepted before a user is locked out; this is a type of clipping level.

B is incorrect because a dictionary attack involves the automated comparison of the user’s password to files of thousands of words until a match is found. Dictionary attacks are successful because users tend to choose passwords that are short, are single words, or are predictable variations of dictionary words.

C is incorrect because in a social engineering attack the attacker falsely convinces an individual that she has the necessary authorization to access specific resources. Social engineering is carried out against people directly and is not necessarily considered a technical attack. The best defense against social engineering is user education. Password requirements, protection, and generation should be addressed in security-awareness programs so that users understand why they should protect their passwords, and how passwords can be stolen.
