eJPT Password Attacks and Credential Testing

Question 1

Which tool is commonly used for dictionary-based password attacks against SSH services?

Accepted Answer

Hydra

Answer

Nmap

Answer

Metasploit

Answer

Burp Suite

Question 2

What is the key difference between a dictionary attack and a brute force attack?

Accepted Answer

Dictionary attacks try known words/passwords while brute force tries all possible combinations

Answer

Dictionary attacks use encrypted wordlists while brute force uses plaintext

Answer

Dictionary attacks are always faster than brute force in every scenario

Answer

Brute force only works against web applications

Question 3

What is a rainbow table used for in password cracking?

Accepted Answer

To store precomputed hash-to-password mappings for faster cracking

Answer

To generate random passwords for testing

Answer

To encrypt passwords before storage

Answer

To identify password policies on a target system

Question 4

What is credential stuffing?

Accepted Answer

Using previously breached username/password pairs against other services

Answer

Filling HTML login forms with random data to cause errors

Answer

Brute forcing a single account repeatedly until lockout

Answer

Encrypting stolen credentials before exfiltration

Question 5

Which Hydra flag specifies a single username when performing a targeted attack?

Accepted Answer

-l

Answer

-u

Answer

-U

Answer

-user

Question 6

Which file in Kali Linux is most commonly used as a wordlist for password attacks?

Accepted Answer

/usr/share/wordlists/rockyou.txt

Answer

/etc/shadow

Answer

/var/log/auth.log

Answer

/etc/passwd

Question 7

What technique adds a unique random value to each password before hashing to prevent rainbow table attacks?

Accepted Answer

Salting

Answer

Peppering

Answer

Stretching

Answer

Padding