The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address:
Which of the following most likely describes the attack that took place?
The pattern observed in the event logs shows multiple failed attempts for different user accounts (userA, userB, and userC) from the same IP address. This behavior is indicative of a password spraying attack, where an attacker attempts to gain unauthorized access to several user accounts by trying a few common passwords on many usernames to avoid triggering account lockout mechanisms. In contrast, a brute-force attack focuses on one account and tries many passwords until it finds the correct one or the account is locked. Therefore, the most likely attack described is password spraying.
choose A 2024-20-2 On Test and passed with 802
Password spraying for sure because in a brute force attack, hackers choose a vulnerable ID and enter passwords one after another hoping some password might let them in. On the other hand, password spraying, is when one password is applied to multiple user IDs so that at least one of the user ID is compromised.
I think the answer should be spraying because they were attempting to log in with different user accounts.
Has to be either brute force or spraying... Since we cannot see the input it's hard to judge. On one hand, spraying generally use password, go next, use password, go next....etc. On the other hand brute force generally goes untill lockout took place, which we cannot see. Overall, shitty question.
A. Spraying The described attack most likely corresponds to a "Password Spraying" attack. In a password spraying attack, the attacker attempts to gain unauthorized access to multiple user accounts by trying a few commonly used passwords against many usernames
A Is the correct answer
Answer should be spraying.
A Spraying. Attack an account with the top three (or more) passwords – If they don’t work, move to the next account – No lockouts, no alarms, no alerts
So, the correct answer is brute-force? I would think spraying would be the correct answer.
It is Spraying. This site has to give incorrect answers to not be the "same exact" as the actual test. Go by "most voted" and look at discussions.
It is for sure Brute-force because Brute-force attacks are generally characterized by multiple failed login attempts for a single account or multiple accounts. Whereas Spraying attacks are designed to evade account lockout mechanisms that might trigger with multiple failed attempts for a single account.
It is for sure NOT brute-force. Brute-force would go until that account is locked. Notice how it switches users every 2 tries. This is spraying.
Kinda answered you own question at the end. Attacker only attempts each user twice to avoid lockout. Answer is spraying.
A. Spraying