GIAC Foundational Cybersecurity Technologies Practice Test


Prepare for the GIAC Foundational Cybersecurity Technologies Test. Utilize flashcards and multiple-choice questions, each with detailed hints and explanations to excel. Boost your readiness for the exam!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What attack does the command indicated below attempt?

  1. Dictionary attack against known user accounts on a website

  2. Dictionary attack against unknown user accounts on a website

  3. Search for valid accounts using a wordlist against a website

  4. Search for directories not linked to public areas of a website

The correct answer is: Search for directories not linked to public areas of a website

The command indicated in the question suggests an intent to find hidden directories or files that are not linked from the publicly accessible areas of a website. This kind of action typically falls under directory brute-forcing, where an attacker uses a list of potential directory names (often referred to as a wordlist or dictionary) to probe a web server. By requesting each path in the wordlist, the attacker tries to uncover directories or resources that are not indexed or are otherwise hidden from normal browsing and search engine crawling. If a directory exists but is not linked anywhere on the site, this command could expose it, potentially revealing sensitive information or functionality.

The other options do not align with the action implied by the command. Dictionary attacks primarily focus on brute-forcing passwords for known usernames or accounts, whereas the intent here is to discover valid directories rather than to check user credentials against a site.