A security consultant was hired to audit a company's password are account policy. The company implements the following controls: ✑ Minimum password length: 16 ✑ Maximum password age: 0 ✑ Minimum password age: 0 ✑ Password complexity: disabled ✑ Store passwords in plain text: disabled ✑ Failed attempts lockout: 3 ✑ Lockout timeout: 1 hour The password database uses salted hashes and PBKDF2. Which of the following is MOST likely to yield the greatest number of plain text passwords in the shortest amount of time? A. Offline hybrid dictionary attack B. Offline brute-force attack C. Online hybrid dictionary password spraying attack D. Rainbow table attack E. Online brute-force attack F. Pass-the-hash attack Suggested Answer: C Community Answer: A This question is in CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam For getting CompTIA Advanced Security Practitioner (CASP+) Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by CompTIA. Trademarks, certification & product names are used for reference only and belong to CompTIA. The website does not contain actual questions and answers from CompTIA's Certification Exams.
Please login or Register to submit your answer
