Exam PT0-002 topic 1 question 222 discussion

It is indeed password spraying. Trying the same passwords across multiple users.

D. Password spraying Explanation: Password spraying: • Password spraying is an attack where the attacker tries a small number of common passwords against a large number of accounts. This method helps avoid account lockout mechanisms because it doesn’t repeatedly target the same account with multiple password attempts. Instead, it uses a common password across many accounts, thereby staying under the threshold that triggers account lockouts.

The MOST likely attack type to avoid account lockout, given the information, is: D. Password spraying Password spraying involves trying a large number of password guesses against a list of usernames. In this case, the penetration tester has a list of email addresses and can create usernames based on the format. They can then use password spraying to try a set of common passwords (or variations) against each username.

Password spraying is a type of attack where the attacker attempts to access a large number of accounts (usernames) using a few common passwords. Unlike traditional brute-force or dictionary attacks, which try many passwords on a single user, password spraying tries only a few passwords across many accounts. This method is often used to avoid triggering account lockout mechanisms, making it a suitable choice for the scenario described.

D. Password spraying is the most likely attack that would be used to avoid account lockout during an assessment. This technique involves using a list of commonly used passwords to try guess a user's password by making multiple attempts at a single user account. It is important to practice good online safety habits, such as strong password creation and monitoring of accounts, to prevent this type of attack.

Password spraying is trying a small number of passwords against a large number of accounts, rather than trying many passwords against a single account. Dictionary attacks involve trying a large number of words from a dictionary file as possible passwords. Mask attacks are used when an attacker has some information about the password, such as its length or character set, and wants to generate a list of possible passwords based on that information.

https://www.crowdstrike.com/cybersecurity-101/password-spraying/#:~:text=The%20basics%20of%20a%20password,account%20by%20trying%20many%20passwords.

d answer

the answer is D

Dictionary attacks are used more in offline situations.