CompTIA Security+ Exam SY0-601: Understanding the Limitations of Complex Password Policies

Which Actions Can a Hacker Still Perform Despite Complex Password Policies?


Question

A highly complex password policy has made it nearly impossible to crack account passwords.

Which of the following might a hacker still be able to perform?

Answers

Explanations


A. Pass-the-hash attack
B. ARP poisoning
C. Birthday attack
D. Brute force attack

A.

Even with a highly complex password policy, a hacker may still be able to perform certain types of attacks.

A pass-the-hash attack (A) is a type of attack where a hacker captures a user's password hash and then uses it to authenticate to the system without knowing the actual password. This type of attack is possible because of weaknesses in the way passwords are stored and transmitted.
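The following is an added illustration, not part of the original page: a toy challenge-response login in which the stored hash is itself the authentication secret, next to a simplified SCRAM-style scheme (after RFC 5802) in which the stored value alone is not enough. All function names, the sample password and the iteration count are assumptions made for this example.

```python
import hashlib, hmac, os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# --- Weak scheme: the stored hash is the authentication secret ---
def weak_enroll(password: str) -> bytes:
    return H(password.encode())            # value kept in the server's database

def weak_response(pw_hash: bytes, challenge: bytes) -> bytes:
    return mac(pw_hash, challenge)         # needs only the hash, never the password

def weak_verify(stored: bytes, challenge: bytes, response: bytes) -> bool:
    return hmac.compare_digest(mac(stored, challenge), response)

# --- SCRAM-style scheme: the server keeps H(ClientKey), not ClientKey ---
def client_key(password: str, salt: bytes) -> bytes:
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)
    return mac(salted, b"Client Key")

def scram_enroll(password: str, salt: bytes) -> bytes:
    return H(client_key(password, salt))   # StoredKey, the database value

def scram_proof(ckey: bytes, stored: bytes, challenge: bytes) -> bytes:
    return xor(ckey, mac(stored, challenge))

def scram_verify(stored: bytes, challenge: bytes, proof: bytes) -> bool:
    recovered = xor(proof, mac(stored, challenge))   # candidate ClientKey
    return hmac.compare_digest(H(recovered), stored)

def demo() -> dict:
    password = "c0rrect-H0rse!Battery_Staple#91"     # constructed, policy-compliant
    salt, challenge = os.urandom(16), os.urandom(16)
    weak_db = weak_enroll(password)
    scram_db = scram_enroll(password, salt)
    ckey = client_key(password, salt)
    return {
        # Party holding only the database value, in each scheme:
        "weak_hash_only": weak_verify(weak_db, challenge, weak_response(weak_db, challenge)),
        "scram_stored_only": scram_verify(scram_db, challenge, scram_proof(scram_db, scram_db, challenge)),
        # Legitimate user who knows the password:
        "scram_with_password": scram_verify(scram_db, challenge, scram_proof(ckey, scram_db, challenge)),
    }

if __name__ == "__main__":
    print(demo())
```

In the weak scheme the password's complexity never enters the check, because the response is computed from the hash alone; in the SCRAM-style scheme the verifier would need a preimage of the stored value.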

ARP poisoning (B) is another type of attack where a hacker can intercept network traffic and redirect it to their own machine. This can allow them to capture passwords or other sensitive information as it passes through the network.

A birthday attack (C) is a cryptographic attack that exploits the birthday paradox, which states that in a group of 23 people, there is a greater than 50% chance that two people will have the same birthday. In a similar way, a birthday attack can be used to find collisions in a cryptographic hash function, which can allow a hacker to guess a password.

Finally, a brute force attack (D) is a type of attack where a hacker tries every possible combination of characters until the correct password is guessed. This type of attack can take a long time, but it is still possible even with a complex password policy.

Therefore, the correct answer to the question is D, brute force attack.