Certified Ethical Hacker (CEH v13) — Question 194

Ricardo has discovered the username for an application in his target’s environment. As he has a limited amount of time, he decides to attempt to use a list of common passwords he found on the Internet. He compiles them into a list and then feeds that list as an argument into his password-cracking application. What type of attack is Ricardo performing?

Answer options

• A. Brute force
• B. Known plaintext
• C. Dictionary
• D. Password spraying

Correct answer: C

Explanation

The correct answer is C, Dictionary, because Ricardo is using a list of common passwords to attempt access. A brute force attack involves trying all possible combinations, which is not the case here. Known plaintext refers to having some information about the plaintext that is used in encryption, while password spraying involves attempting common passwords across many accounts, not targeting a single username with a specific list.