Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

If a target system logs failed login attempts, what is a typical outcome of password cracking attempts?

Explanation:
When authentication events are being monitored, failed login attempts trigger tracking and defensive responses. Repeated failures usually produce many log entries that show the attempted username, source IP, timestamp, and the reason for the failure. This creates a clear trail for defenders to notice brute-force or password-guessing activity and to investigate or alert.

To slow or stop an attack, many systems enforce account lockout or throttling after a threshold of failed attempts. This can lock the affected account or temporarily block further login attempts, making it harder for an attacker to brute-force passwords. So, the typical outcome you’d expect is a surge of log entries plus potential account lockouts as a direct result of password-cracking activity.

Why the other outcomes aren’t typical: systems generally log authentication events, so an absence of logs is unlikely. Immediate, automatic blocking at the first failure isn’t common because defenses are usually threshold-based rather than instantaneous. Passwords aren’t exposed in plaintext by the system merely through login attempts, especially in properly secured environments where passwords are stored as hashes and not revealed during authentication.