The information security team does a presentation on social media and advises the participants not to
provide too much personal information on social media web sites. This advice would BEST protect people
from which of the following?

A.
Rainbow tables attacks

B.
Brute force attacks

C.
Birthday attacks

D.
Cognitive passwords attacks

Explanation:
Social Networking Dangers are ‘amplified’ in that social media networks are designed to mass distribute
personal messages. If an employee reveals too much personal information it would be easy for
miscreants to use the messages containing the personal information to work out possible passwords.
Incorrect Answers:
A: A rainbow table attack focuses on identifying a stored value. By using values in an existing table of
hashed phrases or words (think of taking a word and hashing it every way you can imagine) and
comparing them to values found.
B: A brute-force attack is an attempt to guess passwords until a successful guess occurs.
C: Birthday Attack is built on a simple premise. If 25 people are in a room, there is some probability that
two of those people will have the same birthday. The probability increases as additional people enter the
room. It’s important to remember that probability doesn’t mean that something will occur, only that it’s
more likely to occur. To put it another way, if you ask if anyone has a birthday of March 9th, the odds are
1 in 365 (or 25/365 given the number of people in the room), but if you ask if anyone has the same
birthday as any other individual, the odds of there being a match increase significantly. This makes
guessing the possible password easily.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, p. 328