CompTIA Security+ (SY0-501) — Question 149

A highly complex password policy has made it nearly impossible to crack account passwords. Which of the following might a hacker still be able to perform?

Answer options

• A. Pass-the-hash attack
• B. ARP poisoning attack
• C. Birthday attack
• D. Brute force attack

Correct answer: A

Explanation

The correct answer is A, as a Pass-the-hash attack allows an attacker to utilize stolen hashed passwords without needing to crack them. The other options, such as ARP poisoning and Birthday attacks, do not directly target password cracking and are less effective against a robust password policy, while a Brute force attack becomes impractical with highly complex passwords.