CompTIA PenTest+ (PT0-002) — Question 70

During an assessment, a penetration tester obtains a list of 30 email addresses by crawling the target company's website and then creates a list of possible usernames based on the email address format. Which of the following types of attacks would MOST likely be used to avoid account lockout?

Answer options

• A. Mask
• B. Rainbow
• C. Dictionary
• D. Password spraying

Correct answer: D

Explanation

Password spraying is a technique that attempts to access multiple accounts with a few commonly used passwords, thus minimizing the risk of account lockout. In contrast, dictionary and rainbow attacks involve trying many passwords for a single user, which is more likely to trigger account lockout mechanisms. A mask attack typically uses a specific pattern to generate passwords, which could also lead to lockouts.