Which statement best describes how password cracking is typically performed during a test?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which statement best describes how password cracking is typically performed during a test?

Explanation:
In practice, password cracking is done offline. Once you’ve obtained password hashes from the target environment with proper authorization, you bring those hashes into your own controlled lab and run cracking tools locally (often with GPUs) to try many guesses quickly. This approach lets you run dictionary, brute-force, and rule-based attacks at high speed without triggering account lockouts, alerts, or other defenses on the live system. It also avoids disrupting users while you evaluate password strength and policy. Social engineering isn’t cracking, and password managers aren’t involved in the cracking process. So the typical method is offline cracking using copied hashes in a controlled environment.

