Certified Information Systems Security Professional (CISSP) — Question 243
When testing password strength, which of the following is the BEST method for brute forcing passwords?
Answer options
- A. Conduct an offline attack on the hashed password information.
- B. Use a comprehensive list of words to attempt to guess the password.
- C. Use social engineering methods to attempt to obtain the password.
- D. Conduct an online password attack until the account being used is locked.
Correct answer: A
Explanation
The best method for brute forcing passwords is an offline attack on the hashed password information, because it lets attackers apply significant computational power without risking detection. The other methods, while potentially effective in certain scenarios, either rely on external factors (social engineering) or can lead to account lockout (online attacks), which limits their effectiveness.