If a token and 4-digit personal identification number (PIN) are used to access a computer system and
the token performs off-line checking for the correct PIN, what type of attack is possible?

A.
Birthday

B.
Brute force

C.
Man-in-the-middle

D.
Smurf

Explanation:
Brute force attacks are performed with tools that cycle through many possible character, number,
and symbol combinations to guess a password. Pg 134 Shon Harris CISSP All-In-One Certification
Exam Guide. Since the token allows offline checking of PIN, the cracker can keep trying PINS until it is
cracked.