Exam SY0-601 topic 1 question 140 discussion

Actual exam question from CompTIA's SY0-601
Question #: 140
Topic #: 1

A SOC operator is receiving continuous alerts from multiple Linux systems indicating that unsuccessful SSH attempts to a functional user ID have been attempted on each one of them in a short period of time. Which of the following BEST explains this behavior?

  • A. Rainbow table attack
  • B. Password spraying
  • C. Logic bomb
  • D. Malware bot
Suggested Answer: B 🗳️

Comments

stoneface
Highly Voted 2 years, 10 months ago
SSH cannot take hash values as an input, so rainbow attack is out of the table. I'm left with password spraying. ...
upvoted 43 times
athym123
1 year, 4 months ago
Password spraying attacks more than one user
upvoted 2 times
...
[Removed]
2 years, 5 months ago
With rainbow attack, you don't attack with password hashes! First, you use the table to crack the password for a target user offline and then use it to attack live systems. Password spraying uses one or few passwords against a list of usernames.
upvoted 9 times
...
...
ApplebeesWaiter1122
Highly Voted 1 year, 11 months ago
Selected Answer: B
Password spraying is a type of brute-force attack where the attacker attempts to gain unauthorized access to multiple accounts by trying a small number of commonly used passwords against many usernames. In this scenario, the continuous alerts from multiple Linux systems indicating unsuccessful SSH attempts to a functional user ID suggest that an attacker is trying different passwords against the same user ID on each system, which aligns with the behavior of a password spraying attack. The attacker is not attempting to guess different usernames but is trying a limited set of passwords against the same user ID on multiple systems.
upvoted 10 times
...
ak4512w2
Most Recent 1 year, 2 months ago
In Linux, local user account names are stored in /etc/passwd. When a user logs in to a local interactive shell, the password is checked against a hash stored in /etc/shadow. Interactive login over a network is typically accomplished using Secure Shell (SSH). With SSH, the user can be authenticated using cryptographic keys instead of a password. So the answer is A, based on the CompTIA official book.
upvoted 1 times
...
Yaakb
1 year, 10 months ago
B, because, password spraying targets multiple accounts on a system, which fits perfectly in this scenario.
upvoted 3 times
...
Protract8593
1 year, 11 months ago
Selected Answer: B
Password spraying is a type of brute-force attack where an attacker tries a few common passwords against many accounts. In this scenario, the continuous alerts from multiple Linux systems indicating unsuccessful SSH attempts to a functional user ID suggest that an attacker is trying a limited set of passwords across various accounts in the hope of gaining unauthorized access. This is a common attack vector used to avoid detection from traditional brute-force protection mechanisms.
upvoted 2 times
Protract8593
1 year, 11 months ago
Password spraying can occur to a single account. Password spraying is a type of brute-force attack where attackers attempt to gain unauthorized access to multiple accounts by trying a few commonly used passwords against many usernames. Instead of attempting to guess passwords for a single account (which would be a regular brute-force attack), password spraying involves trying a small set of passwords against a large number of accounts. In the given scenario, the question states that unsuccessful SSH attempts have been made to a functional user ID on multiple Linux systems in a short period of time. This aligns with the behavior of password spraying, as the attackers are attempting to use a small set of passwords against multiple accounts (the functional user ID) on different systems. Given this understanding, Option B (Password spraying) would be the most likely correct answer for the question, as it matches the scenario described.
upvoted 1 times
excelchips11
1 year, 9 months ago
For password spraying, it is done on multiple accounts, NOT just one. Here, we have ONLY ONE functional user ID, several passwords, and several systems are informed. Though, B is the closest answer but not the answer as SSH
upvoted 1 times
...
...
...
macrocarpa
2 years, 1 month ago
Selected Answer: B
I think this is yet another poorly worded question meant to trip people up. First guess would be Rainbow Table Attack. But since it's over SSH it has to be password spraying. The question doesn't indicate more than one username being used which is what we've come to understand as password spraying. But password spraying is still a form of a brute-force attack which would have to be the answer imo.
upvoted 1 times
DanielBruse
2 years ago
Yes, it's a slightly tricky question, but they say "multiple Linux systems to a functional user ID", so they are trying more than one account
upvoted 2 times
...
...
strong1
2 years, 1 month ago
Password spraying tries the most common passwords against many accounts. Known as a "low-and-slow" attack, it attempts to bypass the password lockout by trying one common password against many targets and then circling back to try the next common password after a period of time.
upvoted 1 times
...
MorganB
2 years, 2 months ago
Passed my exam 27, April 23. This question was on my test, worded differently, but the answer is the same.
upvoted 3 times
...
TejasTony
2 years, 3 months ago
Where do these "correct" answers come from? Some of them are so far out there and ridiculous.
upvoted 1 times
...
Nishkurup
2 years, 3 months ago
Selected Answer: B
B. Password spraying is the BEST explanation for this behavior. Password spraying is a type of brute force attack where attackers try a small number of commonly used passwords against a large number of user accounts. In this scenario, the attackers are attempting to guess the password for a functional user ID on multiple Linux systems. The unsuccessful SSH attempts are generated by automated tools used by attackers attempting to gain unauthorized access to the systems. Rainbow table attacks (A) are a type of pre-computed password attack that attempt to crack password hashes. Logic bombs (C) are malicious code designed to execute a set of instructions when certain conditions are met. Malware bots (D) are a type of malware that allows an attacker to take control of a compromised system and use it to carry out malicious activities. None of these attacks specifically match the behavior described in the scenario.
upvoted 3 times
...
CJohnson219
2 years, 4 months ago
How is this password spraying? It clearly says "to a functional user ID"; that is a single user. Password spraying is across multiple users.
upvoted 1 times
Ertrexs
2 years, 4 months ago
"alerts from multiple Linux systems"
upvoted 3 times
...
NerdAlert
2 years, 3 months ago
the wording on this question is dumb and ambiguous
upvoted 2 times
...
...
ronniehaang
2 years, 4 months ago
Selected Answer: B
B. Password spraying. Password spraying is a type of brute-force attack that targets multiple user accounts with a few commonly used passwords. This technique is used to avoid triggering account lockouts, which are a common security measure to prevent brute-force attacks. The attacker tries a small number of passwords against many accounts, with the hope of finding one that works. By targeting a large number of systems and trying a limited number of passwords, the attacker can avoid detection and quickly gain access to one or more systems.
upvoted 1 times
OnA_Mule
2 years, 4 months ago
The question says "a functional user ID" suggesting it's a single account. So spraying does not apply
upvoted 1 times
daddylonglegs
1 year, 8 months ago
Not necessarily a single account, just a user ID that is functional. Regardless, none of the other answers even remotely apply at all in this scenario.
upvoted 1 times
...
...
...
FMMIR
2 years, 6 months ago
Selected Answer: B
The behavior described in the scenario is likely the result of a password spraying attack. Password spraying is a technique used by attackers to compromise accounts by trying a small number of commonly used passwords against a large number of user accounts. This allows the attacker to avoid triggering account lockout policies, which are designed to prevent brute-force attacks by locking an account after a certain number of failed login attempts. In this case, the attacker is likely using password spraying to try to gain access to the Linux systems via SSH using a functional user ID. A rainbow table attack, a logic bomb, or a malware bot could potentially cause similar symptoms, but the description of the behavior in the scenario is most consistent with a password spraying attack.
upvoted 3 times
OnA_Mule
2 years, 4 months ago
Spraying would apply if it were multiple user accounts, but the question seems to indicate it is 1 user ID. So it's not spraying.
upvoted 1 times
...
...
Mahougbe
2 years, 8 months ago
Selected Answer: B
A Password Spraying Attack is a type of brute force attack where a malicious actor attempts the same password on many accounts before moving on to another one and repeating the process.
upvoted 4 times
...
ostralo
2 years, 8 months ago
Selected Answer: A
I will go for the Rainbow table - because the perpetrator could guess a password using the leaked hash from the system prior to the attack to crack an account. Password spray attack - using the same password to crack many different accounts.
upvoted 3 times
daddylonglegs
1 year, 8 months ago
So if it were a rainbow table attack the perpetrator would already have the password because it would be precomputed, therefore there would be no failed logins. The fact that it is multiple failed logins across multiple devices clearly points to password spraying
upvoted 1 times
...
...
Jakalan7
2 years, 9 months ago
Selected Answer: B
Clearly B, password spraying.
upvoted 2 times
...
comeragh
2 years, 9 months ago
Selected Answer: B
I believe this is password spraying - "multiple Linux systems to a functional user ID"
upvoted 8 times
Jacob_Kramer1995
1 year, 10 months ago
Out of all the answers, password spraying's the best; however, I don't like the wording. A functional user (singular) could indicate brute force or directory, knowing it's a (singular user login creds)
upvoted 3 times
...
...
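An added example, not part of the original thread or of any commenter's post: detection logic a SOC could run over centrally collected sshd logs to separate the wide-and-shallow pattern in the question from a single-target brute force. The ISO timestamps, host and account names, thresholds, and the choice to count each (host, user) pair as one target are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH's failed-password message; ISO timestamps and a central log are assumed.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def _line(sec, host, user, src):
    """Build one constructed log line (sample data, not from a real system)."""
    ts = f"2024-05-01T10:{sec // 60:02d}:{sec % 60:02d}"
    return f"{ts} {host} sshd[811]: Failed password for {user} from {src} port 40122 ssh2"

# Constructed sample: three sources with three different behaviours.
SAMPLE = "\n".join(
    # one functional ID tried once on each of six hosts
    [_line(i * 20, f"web{i:02d}", "svc_backup", "203.0.113.7") for i in range(6)]
    # one account hammered on one host
    + [_line(i * 5, "db01", "root", "198.51.100.9") for i in range(12)]
    # a single mistyped password
    + [_line(30, "web01", "alice", "192.0.2.44")]
)

def classify(log_text, window=timedelta(minutes=10),
             min_targets=4, max_per_target=3, brute_min=10):
    """Map each source IP to 'spray', 'brute-force' or 'noise' (illustrative thresholds)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.fromisoformat(m["ts"])
            events[m["src"]].append((ts, m["host"], m["user"]))
    verdicts = {}
    for src, evs in events.items():
        evs.sort()
        latest = evs[-1][0]
        per_target = defaultdict(int)  # attempts per (host, user) inside the window
        for ts, host, user in evs:
            if latest - ts <= window:
                per_target[(host, user)] += 1
        busiest = max(per_target.values())
        if len(per_target) >= min_targets and busiest <= max_per_target:
            verdicts[src] = "spray"        # wide and shallow
        elif busiest >= brute_min:
            verdicts[src] = "brute-force"  # narrow and deep
        else:
            verdicts[src] = "noise"
    return verdicts
```

Per-host lockout counters never see more than one failure in the first pattern, which is why the aggregation has to happen across hosts.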
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted