help confirm/explain answers to some questions

I'm confused about the answers to the following questions. Could anybody help explain them? Thanks.

Which of the following is a password cracking method?
A. Smurf attack
B. Birthday attack
C. Man-in-the-middle attack
D. Hybrid attack
Answer: D

Isn't Birthday attack also a password cracking method?

Which of the following is an effective method to identify the source of unauthorized zone transfers?
A. Change the default port that the DNS server uses.
B. Enable and evaluate the DNS transaction logs.
C. Enable the DNS authentication for the entire organization.
D. Enable better physical access to the DNS server.
Answer: D

I prefer answer B. Why is it wrong?

A user needs access to a drive to edit documents on a particular shared folder. According to the rule
of least privilege, which rights should the user have?
A. Read to the shared folder
B. Read and write to the shared folder
C. Read and write to the entire drive
D. Read to the entire drive
Answer: C

I think the answer is B. Why is it necessary to grant access to the entire drive?

Find more posts tagged with

SAVE $250 on Your CompTIA Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CompTIA Boot Camps

Comments

mohcom

1- Hybrid attack -- birthday attacks deal with probability (math) while hybrid attacks use dictionary words and try different variations of upper/lower case, etc... so hybrid attack makes more sense.

2- DNS... I agree with you and i disagree with the answer... Physical Access... that doesn't make sense to me.

3- This answer is completely wrong.. it is defintely not C (read/write to entire drive) which means allowing access to other folders on that drive... and that's the exact opposite of the least privilige principle...

Just out of curiosity.. where did you get these responses from?

dynamik

Yea, as noted above, the birthday attack isn't an actual attack, just probability, and the other two are wrong. I'm curious about where you're getting these questions as well.

a3590166

dynamik wrote: »

Yea, as noted above, the birthday attack isn't an actual attack, just probability, and the other two are wrong. I'm curious about where you're getting these questions as well.

Is there any restriction on posting the source? Its name becomes ************ after I submit the reply. Although there are many controversial answers, they have pretty amazing coverage on the test. I passed the exam yesterday by reading mainly these questions. Maybe I'm lucky enough to not encounter those controversial questions.