Certified Ethical Hacker (CEH v13) — Question 71

As a certified ethical hacker, you are performing a system hacking process for a company that is suspicious about its security system. You found that the company’s passwords are all known words, but not in the dictionary. You know that one employee always changes the password by just adding some numbers to the old password. Which attack is most likely to succeed in this scenario?

Answer options

• A. Brute-Force Attack
• B. Password Spraying Attack
• C. Hybrid Attack
• D. Rule-based Attack

Correct answer: C

Explanation

A Hybrid Attack combines both dictionary and brute-force techniques, making it effective against passwords that are simple words modified by numbers. The other options, such as Brute-Force and Password Spraying Attacks, are less efficient in this scenario since they either try all possible combinations without leveraging known patterns or target accounts rather than specific passwords.