CISSP PRACTICE QUESTIONS – 20200227

Effective CISSP Questions

Your company sells toys online and ships globally. The shopping website employs a reasonably long password policy and stores the customer’s password as an MD5 hash in the database. To which of the following network password attacks through the regular login user interface is your website most vulnerable?
A. Brute force attack
B. Dictionary attack
C. Rainbow table attack
D. Birthday attack


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Dictionary attack.

Brute force password attacks systematically try every possible combination of characters. Almost all websites are susceptible to brute force attacks. However, even though brute force attacks are common, that does not mean a website is most vulnerable to them.

The term “most vulnerable” refers to how easily a vulnerability can be exploited. A 4-character password is more vulnerable than an 8-character one. The “reasonably long password policy” mitigates brute force attacks; in other words, the website becomes less vulnerable to brute force attacks by implementing the “reasonably long password policy.”

Dictionary attacks try a collection of predefined weak passwords, such as 0000, 1234, admin, password, etc. A long password policy does not stop a user from picking a long but common password, so most systems are more vulnerable to dictionary attacks than to brute force attacks.

Rainbow table attacks cannot practically be launched through the network login interface, because most front ends or web applications submit the password itself, not a hash, when the user logs in. The stored MD5 hashes only matter for an offline attack after the database has been compromised.

The birthday attack is conducted to find a collision in a hash function. It is not a specific password attack technique.
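The reasoning above can be checked against a toy model of the login service. The following is an added example, not code from the original post: a login endpoint that stores MD5 hashes as the question describes, a lockout counter as the mitigation a defender would add, and helpers that compare the guess budget each attack class needs. The user accounts, the word list and the lockout threshold of five failures are all constructed assumptions.

```python
"""Added example: why a long password policy blunts brute force but not
dictionary attacks at the login UI, and why rainbow tables do not apply there.
All accounts, passwords and the word list below are constructed sample data."""
import hashlib
import string

# Constructed accounts; the site stores md5(password) exactly as the question says.
# MD5 here is unsalted and fast, which only matters for an offline attack after
# the database leaks; it changes nothing about attacks through the login form.
USERS = {
    "alice": hashlib.md5(b"password123").hexdigest(),          # long but common
    "bob": hashlib.md5(b"Tr!ck-Lemur-Cable-42").hexdigest(),   # long and uncommon
}

# Constructed stand-in for a list of common passwords.
WORDLIST = ["0000", "1234", "admin", "password", "password123", "letmein"]

MAX_FAILURES = 5   # assumed lockout policy enforced by the login endpoint
failures = {}      # per-user count of consecutive failed logins

def login(user, submitted):
    """Login endpoint: takes the *plaintext* password, hashes it and compares
    with the stored digest. Returns 'ok', 'fail' or 'locked'."""
    if failures.get(user, 0) >= MAX_FAILURES:
        return "locked"
    digest = hashlib.md5(submitted.encode()).hexdigest()
    if USERS.get(user) == digest:
        failures[user] = 0
        return "ok"
    failures[user] = failures.get(user, 0) + 1
    return "fail"

def hash_submission_fails():
    """Rainbow-table point: the UI expects a password, so submitting the stored
    hash as if it were the password is hashed again and does not authenticate."""
    return login("alice", USERS["alice"])

def brute_force_space(length, alphabet=string.ascii_letters + string.digits + string.punctuation):
    """Candidates a brute force attack must cover for a given minimum length
    (94 printable ASCII symbols by default)."""
    return len(alphabet) ** length

def dictionary_hits(wordlist, users=USERS):
    """Defender-side audit: which accounts' stored hashes match a word in the
    list? Those accounts are exposed to a dictionary attack regardless of the
    length policy. Returns the set of affected usernames."""
    digests = {hashlib.md5(w.encode()).hexdigest() for w in wordlist}
    return {u for u, h in users.items() if h in digests}

def guess_budget(min_length, wordlist=WORDLIST):
    """Guesses needed, per attack class, against this site's policy."""
    return {"brute_force": brute_force_space(min_length),
            "dictionary": len(wordlist)}

if __name__ == "__main__":
    print("exposed to dictionary attack:", dictionary_hits(WORDLIST))
    print("guess budget at 12 chars:", guess_budget(12))
    print("submitting the hash itself:", hash_submission_fails())
    for _ in range(MAX_FAILURES):
        login("bob", "wrong-guess")
    print("bob after lockout, correct password:", login("bob", "Tr!ck-Lemur-Cable-42"))
```

The `dictionary_hits` audit is the defender's counterpart of the attack: running a common-password list against stored hashes, or screening new passwords against such a list at registration, closes the gap that the length policy alone leaves open, and the lockout counter limits how far any online guessing gets.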

Your company sells toys online and ships worldwide. The shopping website adopts a reasonably long password policy and stores customers’ passwords in the database as MD5 hashes. To which of the following network password attacks through the regular login user interface is your website most vulnerable?
A. Brute force attack
B. Dictionary attack
C. Rainbow table attack
D. Birthday attack
