Cyber Security Multiple Choice Questions on “Password Cracking and Security Measures”.
1. System hacking involves password hacking as one of the major hacking methodologies.
a) True
b) False
Answer: a
Clarification: System hacking, which is of four types, involves password hacking as one of the major hacking methodologies. It is used to crack the security of a system and gain access for stealing data.
2. Password cracking in system hacking is of ________ types.
a) 2
b) 3
c) 4
d) 5
Answer: c
Clarification: System hacking involves password hacking as one of the major hacking methodologies. It is of 4 types. These are passive online attack, active online attack, offline attack, and non-electronic attack.
3. There are ________ major types of passwords.
a) 4
b) 5
c) 6
d) 7
Answer: d
Clarification: There are seven major types of passwords. These are a password containing only letters, a password containing only numbers, a password containing only special characters, a password containing only alpha-numeric characters, a password containing letters, numbers as well as special symbols, or a password containing any two combinations of the three.
4. In _______________ attacks, an attacker does not contact the authorizing party to steal the password.
a) passive online
b) active online
c) offline
d) non-electronic
Answer: a
Clarification: In passive online attacks, the attacker does not contact an authorized party to steal the password; rather, the attacker attempts to grab the password without communicating with the victim or the victim’s account.
5. Which of the following is an example of passive online attack?
a) Phishing
b) Social Engineering
c) Spamming
d) Wire sniffing
Answer: d
Clarification: In the passive online attack, the attacker does not contact an authorized party to steal the password; rather, the attacker attempts to grab the password without communicating with the victim or the victim’s account. Examples of passive online attacks include wire sniffing, man-in-the-middle attack and replay attack.
6. Which of the following is not an example of a passive online attack?
a) MiTM
b) Replay Attack
c) Phishing
d) Wire sniffing
Answer: c
Clarification: Phishing is not an example of a passive online attack. In passive online attacks, the attacker does not contact an authorized party to steal the password. Types of passive online attacks include wire sniffing, man-in-the-middle attack and replay attack.
7. Which of the following does not come under the hurdles of a passive online attack for hackers?
a) Hard to perpetrate
b) Computationally complex
c) Time taking, so patience has to be there
d) Tools not available
Answer: d
Clarification: Tools for doing a passive offline attack on passwords are widely available, so this does not come under the disadvantages or hurdles of a passive offline attack. But passive offline attacks are computationally complex, hard to perpetrate and may take time.
8. Which of the following cases comes under the victims’ list of an active online attack?
a) Strong password based accounts
b) Unsecured HTTP users
c) Open authentication points
d) Logged in systems and services
Answer: c
Clarification: Systems with bad or weak passwords and with open authentication points often become the victims of an active online attack, where the attacker directly tries different passwords 1-by-1 against the victim’s system/account.
9. In a _______________ password-grabbing attack, the attacker directly tries different passwords 1-by-1 against the victim’s system/account.
a) passive online
b) active online
c) offline attack
d) non-electronic
Answer: b
Clarification: Users with open authentication points and bad or weak passwords often become the victims of an active online attack, where the attacker directly tries different passwords 1-by-1 against the victim’s system/account.
10. Which of them is not a disadvantage of active online attack?
a) Takes a long time
b) Easily and automatically detected
c) Need high network bandwidth
d) Need the patience to crack
Answer: b
Clarification: In an active online attack, the attacker directly tries different passwords 1-by-1 against the victim’s system/account. It has some disadvantages: it takes a long time and hence a lot of patience, and it also needs high network bandwidth.
11. _________________ can be alternatively termed as password guessing attack.
a) passive online
b) active online
c) offline attack
d) non-electronic
Answer: b
Clarification: Users with open authentication points and bad or weak passwords often become the victims of the active online attack. It is alternatively termed a password guessing attack, where the attacker directly tries different passwords 1-by-1 against the victim’s system/account.
12. ________________ attacks are carried out from a location other than the real computer where the password resides or was used.
a) passive online
b) active online
c) offline password
d) non-electronic
Answer: c
Clarification: For this, the cyber-criminal needs to have physical access to the system, and so offline password attacks are carried out from a location other than the real computer where the password resides or was used. They are common examples of physical data breaching and hacking.
13. _______________ attacks always need physical access to the system that has the password file, or the hacker needs to crack the system by other means.
a) online
b) offline
c) password
d) non-electronic
Answer: b
Clarification: Offline password attacks are carried out from a location other than the real computer where the password resides or was used. They need physical access to the system that has a password file, or the hacker needs to crack the system by other means.
14. Which of the following is not an example of offline password attack?
a) Dictionary attack
b) Rainbow attacks
c) Brute force attack
d) Spamming attack
Answer: d
Clarification: The offline attack needs physical access to the system that has a password file, or the hacker needs to crack the system by other means. Dictionary, rainbow, and brute force attacks come under offline attacks.
15. Passwords need to be kept encrypted to protect from such offline attacks.
a) True
b) False
Answer: a
Clarification: In an offline attack, physical access is needed to the system that has a password file, or the hacker needs to crack the system by other means. Hence, even if hackers gain physical access to the system, if the passwords are in the encrypted mode, it will be almost impossible to steal passwords.