CompTIA Security+ (SY0-501) — Question 292

A company's user lockout policy is enabled after five unsuccessful login attempts. The help desk notices a user is repeatedly locked out over the course of a workweek. Upon contacting the user, the help desk discovers the user is on vacation and does not have network access. Which of the following types of attacks are MOST likely occurring? (Select two.)

Answer options

• A. Replay
• B. Rainbow tables
• C. Brute force
• D. Pass the hash
• E. Dictionary

Correct answer: C, E

Explanation

The correct answers are C (Brute force) and E (Dictionary) because both involve attempting multiple password guesses to gain unauthorized access. Replay attacks involve intercepting and reusing valid authentication, which is not applicable here, while rainbow tables and pass the hash are techniques that require prior knowledge of hashed passwords or access to password hashes, not repeated login attempts.