GCIH - CHAPTER 5.5: ATTACK TYPES
EXAM QUESTIONS AND ANSWERS
GRADED A+ 2025/2026
Four methods of password cracking - ANS Passive online, Active online, Offline, and
nontechnical attacks
Passive Online Password Attack - ANS Performed by listening for the password, typically
through packet sniffing, man-in-the-middle or replay attacks
Man-in-the-middle Attack - ANS Form of network attack where the attacker secretly relays
and possibly alters the communication between two parties who believe they are directly
communicating with each other
Replay Attack - ANS Form of network attack in which a valid data transmission is maliciously
or fraudulently repeated or delayed.
Are passive attacks detectable by the user? - ANS No
Active Online Password Attack - ANS More aggressive form of password attack that leverages
brute-force or dictionary methods. Highly effective against environments that contain weak or
poorly chosen passwords
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
Brute-force Attack - ANS A method of attempting every possible combination in sequence
until the correct combination is found.
Dictionary Attack - ANS Similar to brute-force, however they are more methodical in utilizing
a pre-defined list of commonly used passwords and/or words, such as a dictionary. This attack
leverages users using easy to remember passwords.
How to thwart password attacks - ANS 2FA is the strongest combatant against password
cracking
Offline Attacks - ANS Relies on the weakness of storing passwords on systems.
Hybrid Password Attack - ANS May start out as a dictionary attack, but will change methods
upon no success and begin adding/replacing characters within words
Precomputed Hashes - ANS These utilize rainbow tables, computing every possible
combination of characters before capturing a password. Attacker then captures the password
and compares it to the table
Rainbow Table - ANS A precomputed list of hashes for every character combination. Can be
loaded onto disk and used to compare already hashed passwords.
Nontechnical Password Cracking - ANS A method of password cracking that includes shoulder
surfing, keyboard sniffing, and social engineering.
Shoulder surfing - ANS Observing a user type in personal information or interacting on their
machine to gain clues where they may have or store passwords