Which attack uses a predefined set of rules to mutate or generate password guesses from common words?

Prepare for the Certified Ethical Hacker Version 11 Exam. Study with comprehensive questions and explanations. Equip yourself with the skills needed for success!

Multiple Choice

Which attack uses a predefined set of rules to mutate or generate password guesses from common words?

Explanation:
Rule-based attacks rely on a predefined set of transformation rules that alter words from a base dictionary to create many password guesses. The core idea is that people often derive passwords by applying common patterns to simple words, such as capitalizing the first letter, substituting letters with similar-looking numbers or symbols, adding digits at the end or in the middle, or mixing cases. By applying these rules to each word in a wordlist, an attacker can generate a large set of plausible candidates that stay close to real words while reflecting typical user behaviors. This approach is more efficient than trying every possible string (brute force) and more targeted than a plain dictionary attack, which checks words exactly as listed without mutations. It also differs from a rainbow table, which relies on precomputed hash lookups for specific inputs rather than systematically mutating base words with rules.

