GIAC Certified Incident Handler (GCIH) — Question 176

Nathan is examining the security event log on a file server that contains sensitive data. He finds a number of Event ID 1234s with substatus code 0xC000006A.
There are 4 or fewer failures against any individual account. Which type of password attack is indicated by these events?

Answer options

Correct answer: C

Explanation

The correct answer is C, as a Brute Force attack typically involves numerous attempts to guess a password for a single account, which can lead to many failures. In this scenario, the low number of failures (four or fewer) against each account suggests a more targeted approach, which aligns with the characteristics of a Brute Force attack rather than the other options such as Rainbow Tables, Spraying, or Passing the Hash.