GPEN Practice Questions: Password Attacks (formats, hashes, advanced attacks) Domain
Test your GPEN knowledge with 10 practice questions from the Password Attacks (formats, hashes, advanced attacks) domain. Includes detailed explanations and answers.
GPEN Practice Questions
Master the Password Attacks (formats, hashes, advanced attacks) Domain
Test your knowledge in the Password Attacks (formats, hashes, advanced attacks) domain with these 10 practice questions. Each question is designed to help you prepare for the GPEN certification exam with detailed explanations to reinforce your learning.
Question 1
When performing a password attack, which factor is least likely to affect the success of a dictionary attack?
Show Answer & Explanation
Correct Answer: B
Explanation: Network latency primarily affects the speed of online attacks, not the success of a dictionary attack. Password length, dictionary size, and complexity directly impact the likelihood of success.
Question 2
What is a key limitation of using brute force attacks on hashed passwords?
Show Answer & Explanation
Correct Answer: C
Explanation: Brute force is time-consuming, especially for long passwords. It does not require pre-computed tables and is not limited to weak hashes. Network speed is irrelevant to hash cracking.
Question 3
When analyzing a password policy, which factor is most crucial to assess its strength against brute force attacks?
Show Answer & Explanation
Correct Answer: A
Explanation: Password complexity requirements directly impact the difficulty of brute force attacks. Account lockout helps prevent repeated attempts, but complexity is a primary deterrent. History and expiration impact password reuse and update frequency.
Question 4
During a penetration test, you encounter a hashed password in the format $6$rounds=5000$salt$hash. Which hash type is this?
Show Answer & Explanation
Correct Answer: D
Explanation: The format $6$rounds=5000$salt$hash indicates a SHA-512 crypt hash. The number 6 specifies SHA-512 in crypt hashing, while MD5 is indicated by 1, and bcrypt has a different format entirely.
Question 5
What is the primary advantage of using the Pass-the-Hash (PtH) technique?
Show Answer & Explanation
Correct Answer: A
Explanation: PtH allows authentication without knowing the plaintext password, bypassing complexity requirements. It does not extract plaintext or crack hashes, and account lockouts depend on the authentication system.
Question 6
Which factor makes a salted hash more secure than an unsalted hash?
Show Answer & Explanation
Correct Answer: B
Explanation: A unique salt per user ensures that identical passwords result in different hashes, preventing precomputed attacks like rainbow tables. Salt does not increase hash length significantly, nor does it involve encryption or affect computation speed.
Question 7
Which technique is most effective for extracting password hashes from a Linux system?
Show Answer & Explanation
Correct Answer: B
Explanation: Password hashes are stored in /etc/shadow, which is protected. /etc/passwd contains only user information. Keyloggers and network interception are not used for hash extraction.
Question 8
You have obtained a list of hashed passwords from a target system. Which strategy should you prioritize to efficiently crack these hashes?
Show Answer & Explanation
Correct Answer: B
Explanation: A dictionary attack is efficient for cracking hashes when common passwords are used. Rainbow tables require pre-computed tables, and brute force is time-consuming. Social engineering is unrelated to hash cracking.
Question 9
You have obtained several password hashes from a compromised system. Which factor should you prioritize when selecting a cracking strategy?
Show Answer & Explanation
Correct Answer: B
Explanation: The hash algorithm determines the complexity and computational requirements for cracking. Hash length and file size are less relevant, while the OS version doesn't directly impact hash cracking.
Question 10
Which factor significantly increases the difficulty of cracking a password hash?
Show Answer & Explanation
Correct Answer: C
Explanation: The use of salts makes it difficult to crack password hashes as it requires each hash to be cracked individually. The algorithm, length, and complexity also play roles but are not as impactful as salting.
Ready to Accelerate Your GPEN Preparation?
Join thousands of professionals who are advancing their careers through expert certification preparation with FlashGenius.
- ✅ Unlimited practice questions across all GPEN domains
- ✅ Full-length exam simulations with real-time scoring
- ✅ AI-powered performance tracking and weak area identification
- ✅ Personalized study plans with adaptive learning
- ✅ Mobile-friendly platform for studying anywhere, anytime
- ✅ Expert explanations and study resources
Already have an account? Sign in here
About GPEN Certification
The GPEN certification validates your expertise in password attacks (formats, hashes, advanced attacks) and other critical domains. Our comprehensive practice questions are carefully crafted to mirror the actual exam experience and help you identify knowledge gaps before test day.