CompTIA Security+ Question K-57

The information security team does a presentation on social media and advises the participants not to provide too much personal information on social media web sites. This advice would BEST protect people from which of the following?

A. Rainbow tables attacks
B. Brute force attacks
C. Birthday attacks
D. Cognitive passwords attacks

Answer: D

Explanation:
Social Networking Dangers are ‘amplified’ in that social media networks are designed to mass distribute personal messages. If an employee reveals too much personal information it would be easy for miscreants to use the messages containing the personal information to work out possible passwords.

CompTIA Security+ Question H-18

Which of the following can be used by a security administrator to successfully recover a user’s forgotten password on a password protected file?

A. Cognitive password
B. Password sniffing
C. Brute force
D. Social engineering

Answer: C

Explanation:
One way to recover a user’s forgotten password on a password protected file is to guess it. A brute force attack is an automated attempt to open the file by using many different passwords.

A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization’s network security. A brute force attack may also be referred to as brute force cracking. For example, a form of brute force attack known as a dictionary attack might try all the words in a dictionary. Other forms of brute force attack might try commonly-used passwords or combinations of letters and numbers. An attack of this nature can be time- and resource-consuming. Hence the name “brute force attack;” success is usually based on computing power and the number of combinations tried rather than an ingenious algorithm.