Exam 312-50v12 topic 1 question 208 discussion

I guessed C and ChatGPT agrees. Reasoning: The company’s passwords are based on known words (but not exactly dictionary entries). One employee changes the password by adding numbers to an existing base word. This behavior is exactly what hybrid attacks are designed to exploit: Example: Taking summer and generating variants like summer123, summer2024, etc. Why the others are not chosen: A. Brute-Force Attack: Tries all possible combinations, very slow and inefficient for this situation. B. Password Spraying Attack: Attempts a small number of common passwords across many accounts — more useful for account lockout evasion, not individual password structure cracking. D. Rule-based Attack: Similar to hybrid, but more about custom rules applied to dictionaries. Requires prior creation of specific rule sets, which might not be as generally adaptive as a hybrid approach.

A Hybrid Attack can adapt and incorporate a range of possible modifications (like appending any number from 0–9999), which covers the broader password modification habits described in this scenario. This adaptability makes it the more suitable and successful approach here. In short, while Rule-Based Attacks are precise, Hybrid Attacks are more flexible and effective for cracking passwords with variable patterns

Pretty sure this is D. It seems that individuals are over looking the fact that the words are not in the dictionary which is crazy because its literally stated in there. Therefore it should be D.

if the password is explicitly stated as not being in the dictionary, a standard hybrid attack might not be as effective, because it relies on a combination of dictionary words and brute-force techniques. Given this scenario, the most appropriate answer would likely be: D. Rule-based Attack

C. Hybrid Attack CEH v12 Page 604 ybrid Attack This type of attack depends on the dictionary attack. Often, people change their passwords merely by adding some numbers to their old passwords. In this case, the program would add some numbers and symbols to the words from the dictionary to try to crack the password. For example, if the old password is “system,” then there is a chance that the person will change it to “system1” or “system2.”

Attackers use rule-based attacks when they have some knowledge of the passwords and see evidence of simple salts and peppers like "123" at the end of the password. This question is garbage in terms of it's wording, but does combine the two fundamental concepts of rule-based.

D. Rule-based Attack Rule-based attacks are a sophisticated form of brute-force/dictionary attacks where the attacker defines complex rules based on typical user behavior of password creation (like replacing 'o' with '0', adding years at the end, etc.). This can be highly effective if you understand the common modifications users make to base words in their passwords.

C. Hybrid Attack Key word Often, people change their passwords merely by adding some numbers to their old passwords.

This is a more powerful attack than disctionary and brute-force attacks because the cracker knows the password type." (M06 P604)

Is C. Hybrid attack, as the first comment says, at page 604 of CEH there is clearly written this attack works when people changes the password by just adding some numbers to the old password.

D. Rule-based Attack

The question mentions the words are not in the dictionary. So it can't be hybrid since it utilizes dictionary of known words.

C: Hybrid Attack

Hybrid Attack

Hybrid Attack: This type of attack depends on the dictionary attack. Often, people change their passwords merely by adding some numbers to their old passwords. In this case, the program would add some numbers and symbols to the words from the dictionary to try to crack the password. For example, if the old password is “system,” then there is a chance that the person will change it to “system1” or “system2

C. Hybrid Attack A hybrid attack combines elements of both dictionary attacks (known words) and brute-force attacks (trying all possible combinations, including modifications like adding numbers). In this case, the attacker leverages the knowledge that the passwords are known words but also incorporates variations by adding numbers. Hybrid attacks are effective in situations where there are patterns or rules applied to password creation, as is the case in the described scenario.

I think answer is D, because it specify "known words, but NOT dictionary". Hybrid attack combined with known words from dictionary, so rule-based should be a more accurate answer.