GIAC Certified Incident Handler (GCIH) — Question 90

Andrew, a bachelor student of Faulkner University, creates a gmail account. He uses 'Faulkner' as the password for the gmail account. After a few days, he starts receiving a lot of e-mails stating that his gmail account has been hacked. He also finds that some of his important mails have been deleted by someone. Which of the following methods has the attacker used to crack Andrew's password?
Each correct answer represents a complete solution. (Choose all that apply.)

Answer options

• A. Denial-of-service (DoS) attack
• B. Zero-day attack
• C. Brute force attack
• D. Social engineering
• E. Buffer-overflow attack
• F. Rainbow attack
• G. Password guessing
• H. Dictionary-based attack

Correct answer: C, D, F, G, H

Explanation

The correct answers are C, D, F, G, and H because these methods are commonly used to compromise passwords. A brute force attack systematically tries many passwords, while social engineering tricks individuals into revealing their passwords. Rainbow attacks utilize precomputed tables for quick password cracking, and password guessing and dictionary-based attacks involve trying common words or phrases, like 'Faulkner'. The other options, such as DoS and buffer-overflow attacks, do not directly relate to password cracking.