Notifications
Clear all
Topic starter
21/06/2022 6:07 am
A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts.
While reviewing the log files, the analyst discovers the following:
Which of the following attacks MOST likely occurred?
- A . Dictionary
- B . Credential-stuffing
- C . Password-spraying
- D . Brute-force
Suggested Answer: D
Explanation:
"Brute force attack in which stolen user account names and passwords are tested against multiple websites." CompTIA SY0-601 Official Study Guide Page 690 This is a poorly worded question and while credential stuffing is a type of brute force attack, the information given does not indicate multiple websites. At best, this looks like a password spraying attack, but it is more likely a brute-force attack. Also note the output reads "unsername" and not "username" - perhaps irrelevant but the little things can and do matter
Explanation:
"Brute force attack in which stolen user account names and passwords are tested against multiple websites." CompTIA SY0-601 Official Study Guide Page 690 This is a poorly worded question and while credential stuffing is a type of brute force attack, the information given does not indicate multiple websites. At best, this looks like a password spraying attack, but it is more likely a brute-force attack. Also note the output reads "unsername" and not "username" - perhaps irrelevant but the little things can and do matter