Passive online, Active online, Offline, and nontechnical attacks - ANS ✔Four methods of
password cracking
Performed by listening for the password, typically through packet sniffing, man-in-the-middle or
replay attacks - ANS ✔Passive Online Password Attack
Form of network attack where the attacker secretly relays and possibly alters the
communication between two parties who believe they are directly communicating with each
other - ANS ✔Man-in-the-middle Attack
Form of network attack in which a valid data transmission is maliciously or fraudulently
repeated or delayed. - ANS ✔Replay Attack
No - ANS ✔Are passive attacks detectable by the user?
More aggressive form of password attack that leverages brute-force or dictionary methods.
Highly effective against environments that contain weak or poorly chosen passwords - ANS
✔Active Online Password Attack
A method of attempting every possible combination in sequence until the correct combination
is found. - ANS ✔Brute-force Attack
Similar to brute-force, but more methodical, utilizing a pre-defined list of
commonly used passwords and/or words, such as a dictionary. This attack exploits users choosing
easy-to-remember passwords. - ANS ✔Dictionary Attack
2FA is the strongest combatant against password cracking - ANS ✔How to thwart password
attacks
Relies on the weakness of storing passwords on systems. - ANS ✔Offline Attacks
May start out as a dictionary attack, but will change methods upon no success and begin
adding/replacing characters within words - ANS ✔Hybrid Password Attack
These utilize rainbow tables, computing every possible combination of characters before
capturing a password. Attacker then captures the password and compares it to the table - ANS
✔Precomputed Hashes
A precomputed list of hashes for every character combination. Can be loaded onto disk and
used to compare already hashed passwords. - ANS ✔Rainbow Table
A method of password cracking that includes shoulder surfing, keyboard sniffing, and social
engineering. - ANS ✔Nontechnical Password Cracking
Observing a user type in personal information or interact with their machine to gain clues
about where they may have or store passwords - ANS ✔Shoulder surfing
Tracking keystrokes using a type of keyboard logger - ANS ✔Keyboard Sniffing
Obtaining pertinent information through the trust of the user over a social interaction - ANS
✔Social Engineering
Software intended to perform malicious activities; encompasses worms, adware,
scareware and spyware - ANS ✔Malware