Certified Ethical Hacker (CEH v11) — Question 102

Ricardo has discovered the username for an application in his target's environment. As he has a limited amount of time, he decides to attempt to use a list of common passwords he found on the Internet. He compiles them into a list and then feeds that list as an argument into his password-cracking application.
What type of attack is Ricardo performing?

Answer options

• A. Brute force
• B. Known plaintext
• C. Dictionary
• D. Password spraying

Correct answer: C

Explanation

Ricardo is conducting a Dictionary attack because he is using a precompiled list of common passwords to try and gain access. A Brute force attack would involve systematically trying all possible combinations, while Known plaintext refers to having access to both the plaintext and ciphertext. Password spraying is a different method where a few common passwords are tried across many accounts rather than one account.