This is 100% a password spray attack (brute force). Credential stuffing is a whole other technique when a username/password pair is stolen (known) and used across other websites etc. to try and extend the breach, catching users who use the same login details across other websites/portals/resources etc. https://owasp.org/www-community/attacks/Credential_stuffing#:~:text=An%20attacker%20takes%20the%20breached,sally%E2%80%9D%20is%20reusing%20their%20password.
This is definitely a credential stuffing attack. This attack involves a large number of username and password pairs to gain unauthorized access to user accounts on targeted online services. In this case they were matching the password with an entire file of usernames.
C. This is a password-dictionary attack, and it can be mitigated by enforcing strong password policies and implementing account lockout mechanisms.
The script is attempting a password-dictionary attack, which involves trying a list of commonly used passwords against a large number of user accounts. The script uses a loop to iterate through a list of usernames contained in the "allusers.txt" file and attempts to log in to a system using the username and the password "passwordi23", which is a weak and easily guessable password.
It sounded like you defined dictionary attack, but then described a password spray attack. The script is trying to use the same password on a bunch of accounts.
The answer is B. This is a "password spraying" attack and can be mitigated using MFA. D could've been the right answer but there is no technical term called "multistep" authentication. The CySA+ Certification study guide explicitly states for both occurrences: "For organizations, mandating 'Multifactor Authentication' is effective in slowing the effectiveness of attacks, especially those that are automated."
From the article, "Password spraying is a type of brute force attack. In this attack, an attacker will brute force logins based on list of usernames with default passwords on the application. For example, an attacker will use one password (say, Secure@123) against many different accounts on the application to avoid account lockouts that would normally occur when brute forcing a single account with many passwords". Answer is indeed B.
upvoted 1 times
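The distinction the thread argues over, seen from the detection side, as an added example that is not part of any comment above: a source failing once against many accounts (spray) looks different from many failures against one account, and a per-account lockout counter only catches the latter. The log format, the thresholds and the sample lines (documentation-range IPs) are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log: "<ISO timestamp> <source IP> <username> <FAIL|OK>"
SAMPLE_LOG = "\n".join(
    [f"2024-01-10T09:00:0{i} 198.51.100.7 {u} FAIL"
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"], 1)]
    + [f"2024-01-10T09:05:0{i} 203.0.113.20 alice FAIL" for i in range(6)]
    + ["2024-01-10T09:07:00 192.0.2.15 bob FAIL", "2024-01-10T09:07:09 192.0.2.15 bob OK"])

def parse(log):
    for line in log.strip().splitlines():
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result

def classify_sources(log, window=timedelta(minutes=10), min_users=5,
                     max_per_user=2, brute_threshold=5):
    """Map each suspicious source IP to 'spray' or 'single-account brute force'."""
    fails = defaultdict(list)
    for ts, src, user, result in parse(log):
        if result == "FAIL":
            fails[src].append((ts, user))
    verdicts = {}
    for src, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in events[start:end + 1]:
                per_user[user] += 1
            # Spray: many distinct accounts, only a try or two against each.
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                verdicts[src] = "spray"
                break
            # Classic brute force: many failures piled onto one account.
            if max(per_user.values()) >= brute_threshold:
                verdicts[src] = "single-account brute force"
                break
    return verdicts

def accounts_hitting_lockout(log, threshold=5):
    """Accounts whose total failures would trip a per-account lockout."""
    counts = defaultdict(int)
    for _, _, user, result in parse(log):
        if result == "FAIL":
            counts[user] += 1
    return {u for u, n in counts.items() if n >= threshold}
```

On the sample data only `alice` reaches the lockout threshold, while the five other sprayed accounts stay below it, which is why per-source counting of distinct usernames is needed alongside lockout.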
Stiobhan (Highly Voted) 2 years, 2 months ago
2Fish 2 years, 1 month ago
SimonR2 (Most Recent) 1 year, 9 months ago
Tricee 2 years ago
encxorblood 2 years, 2 months ago
NerdAlert 2 years ago
AaronS1990 2 years, 2 months ago
ddcnsd65 2 years, 2 months ago
prntscrn23 2 years, 4 months ago
prntscrn23 2 years, 4 months ago
cmllsu 2 years, 4 months ago
mrodmv 2 years, 4 months ago
Comptia_Secret_Service 2 years, 4 months ago