CompTIA Security+ Question H-18

Which of the following can be used by a security administrator to successfully recover a user’s forgotten password on a password protected file?

A. Cognitive password
B. Password sniffing
C. Brute force
D. Social engineering

Answer: C

One way to recover a user’s forgotten password on a password protected file is to guess it. A brute force attack is an automated attempt to open the file by using many different passwords.

A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization’s network security. A brute force attack may also be referred to as brute force cracking. For example, a form of brute force attack known as a dictionary attack might try all the words in a dictionary. Other forms of brute force attack might try commonly-used passwords or combinations of letters and numbers. An attack of this nature can be time- and resource-consuming. Hence the name “brute force attack;” success is usually based on computing power and the number of combinations tried rather than an ingenious algorithm.