Certified Ethical Hacker (CEH v12) — Question 204
As a certified ethical hacker, you are performing a system hacking process for a company that is suspicious about its security system. You found that the company’s passwords are all known words, but not in the dictionary. You know that one employee always changes the password by just adding some numbers to the old password. Which attack is most likely to succeed in this scenario?
Answer options
- A. Brute-Force Attack
- B. Password Spraying Attack
- C. Hybrid Attack
- D. Rule-based Attack
Correct answer: C
Explanation
The correct answer is Hybrid Attack because it combines dictionary and brute-force methods, which suits passwords built from known words with numerical variations. Of the other options, a Brute-Force Attack may take too long; a Password Spraying Attack would not be effective, since it tries the same password against multiple accounts; and a Rule-based Attack is less focused on the specific pattern of password changes observed.