A security analyst reviews authentication logs and discovers hundreds of failed login attempts from a single external IP address within a five-minute window. All attempts target the same username 'jsmith' but use different passwords. Which type of password attack does this pattern most likely indicate?
Correct. A brute force attack systematically tries many passwords against a single account. The log pattern of hundreds of different passwords for the same username matches this method.
Why this answer
The pattern of hundreds of failed login attempts from a single external IP address targeting the same username 'jsmith' with different passwords is characteristic of a brute force attack. In a brute force attack, the attacker systematically tries many password guesses against a single account to eventually find the correct credential. This contrasts with password spraying, where a few common passwords are tried against many usernames, and credential stuffing, which uses previously compromised username/password pairs from other breaches.
Exam trap
The trap here is confusing brute force with password spraying: candidates often pick password spraying because they see 'different passwords,' but the key differentiator is the single target username versus multiple usernames, which is what separates the two attack types.
How to eliminate wrong answers
Option A is wrong because password spraying involves trying a small number of common passwords (e.g., 'Password123', 'Welcome1') against many different usernames to avoid account lockouts, not hundreds of different passwords against a single username. Option C is wrong because credential stuffing uses known username/password combinations from previous data breaches, not random or systematically generated passwords, and would typically show a mix of successes and failures rather than all failures with varying passwords.