Controls to Prevent Password Sniffing Attacks on Computer Systems | SSCP Exam Preparation

Preventing Password Sniffing Attacks

Question

Controls to keep password sniffing attacks from compromising computer systems include which of the following?

Answers

Explanations

A. B. C. D.

C.

To minimize the chance of passwords being captured, use one-time passwords: they prevent a password sniffing attack from succeeding because a one-time password is no longer valid once it has been used.

Encryption will also minimize these types of attacks.

The following answers are incorrect:

static and recurring passwords.

This is incorrect because, without encryption, someone sniffing passwords could capture a password much more easily if it never changed.

encryption and recurring passwords.

This is incorrect because while encryption helps, recurring passwords do nothing to minimize the risk of passwords being captured.

static and one-time passwords.

This is incorrect because while one-time passwords will prevent these types of attacks, static passwords do nothing to minimize the risk of passwords being captured.

The most effective way to prevent password sniffing attacks is by implementing strong encryption measures, such as encrypting all network traffic that contains sensitive information. This ensures that even if an attacker intercepts the traffic, they will not be able to read it.

Additionally, the use of one-time passwords is also an effective way to prevent password sniffing attacks. One-time passwords are passwords that are valid for only one login session or transaction, and they can be generated using hardware or software tokens. Because these passwords are only valid for a short period of time, even if they are intercepted, they will not be of use to an attacker.

On the other hand, static passwords or recurring passwords (passwords that are reused over time) make it easier for an attacker to sniff and capture passwords when they are transmitted in plain text, because they remain the same over multiple login sessions.

Therefore, the correct answer to this question is option C: one-time passwords and encryption. This combination provides a strong defense against password sniffing attacks by ensuring that passwords are always encrypted during transmission and that they are only valid for a single login session.