CompTIA PenTest+ (PT0-002) — Question 323
A penetration tester would like to crack a hash using a list of hashes and a predefined set of rules. The tester runs the following command:
hashcat.exe -a 0 .\hash.txt .\rockyou.txt -r .\rules\replace.rule
Which of the following is the penetration tester using to crack the hash?
Answer options
- A. Hybrid attack
- B. Dictionary
- C. Rainbow table
- D. Brute-force method
Correct answer: B
Explanation
The correct answer is B. The command runs a dictionary attack: -a 0 selects hashcat's straight (wordlist) attack mode, which tries each entry in the rockyou.txt wordlist against the hashes in hash.txt, and -r applies the rules in replace.rule to each word before it is tried. Options A, C, and D are incorrect: a hybrid attack combines methods, a rainbow table is a precomputed hash table for quick lookups, and a brute-force method tests every possible combination. None of these is reflected in the provided command.