CompTIA: Advanced Security Practitioner (CASP) Exam Prep

Answer: B - A password guessing attack occurs when a user account is repeatedly attacked using a variety of different passwords to gain access to a system.

Key Takeaway: Although this type of attack could have been any form of password guessing, brute force, or dictionary attacks, this case is a password guessing attack. A brute force attack is the last resort in trying to hack a password. This would work only if there is no limit to the number of password attempts and the password is of manageable length. A dictionary attack makes use of cracking programs that accept personal information about the user being attacked and generate common variations for passwords suggested by that information. A password guessing attack is a bit of both where the user manually guesses the different password combinations possible, based upon a bit of knowledge about the user.