GCIH - CHAPTER 5.5 ATTACK TYPES TEST LATEST UPDATED
Passive online, active online, offline, and nontechnical attacks are the four ways
to crack a password.
Passive Online Password Attack ANSWER Carried out by listening for the
password, usually via replay attacks, packet sniffing, or man-in-the-middle
techniques.
Man-in-the-Middle Attack ANSWER A type of network attack in which the
attacker secretly relays and possibly alters the communication between two
parties who believe they are communicating with each other directly.
Replay Attack ANSWER A type of network attack in which a legitimate data
transmission is fraudulently or maliciously repeated or delayed.
Can the user detect passive attacks? ANSWER No
Active Online Password Attacks ANSWER A more forceful password attack that
makes use of dictionary or brute-force techniques. Very effective against
environments with poorly chosen or weak passwords.
Brute-force Attack ANSWER A strategy that involves trying each potential
combination in turn until the right one is discovered.
Dictionary Attack ANSWER Like brute-force, but more deliberate: it uses a
dictionary or other predefined collection of frequently used passwords and/or
terms. This attack takes advantage of people who use simple passwords.
How to prevent password attacks ANSWER Two-factor authentication is the best
defence against password cracking.
Offline Attacks ANSWER Depend on the vulnerability of password storage in
systems.
Hybrid Password Attack ANSWER May begin as a dictionary attack, but if that
doesn't work, it switches tactics and starts inserting or changing letters
inside words.
Precomputed Hashes ANSWER These use rainbow tables to calculate every
conceivable character combination before a password is captured. The password
is then obtained by the attacker and compared to the table.
Rainbow Table ANSWER A collection of hashes for each character combination
that has already been calculated. Can be used to compare passwords that have
already been hashed and placed onto disk.
Nontechnical Password Cracking ANSWER A password-cracking technique that
combines social engineering, keyboard sniffing, and shoulder surfing.
Shoulder Surfing ANSWER Finding hints about where a user may hold or save
passwords by watching them enter personal information or interact with their
computer.
Keyboard Sniffing ANSWER Monitoring keystrokes with a certain kind of
keyboard logger.
Social Engineering ANSWER Using the user's trust during a social encounter to
obtain relevant information.
Malware, which includes worms, adware, scareware, and spyware, is software
designed to carry out harmful tasks.
Any action or activity carried out without the user's knowledge or consent is
considered malicious behaviour.
Virus ANSWER Malware; a type of software or code that attaches itself to files
and spreads from one system to another. Usually carried out when the file is
accessed.
Virus Types ANSWER Hoaxes, Polymorphic, Multipartite, Logic Bombs, and Macro
Logic Bomb Virus ANSWER Intended to remain in a wait state until a particular
circumstance takes place to initiate its operation. Usually, it involves
destroying systems and/or data.