I can't believe they actually used "pwned".... Great videos, I am going through all your PBQ's after failing the Sec+ by 10 points due to these questions. Surely next attempt will be a pass!
CompTIA's semantics really grinds my gears sometimes. How is Attack 2 not a dictionary attack? The attacker literally used rockyou, a wordlist, as their dictionary for the attack? I thought brute-force attacks are about trying every possible combination of characters, and NOT using a wordlist like rockyou? Also hashcat and john the ripper are almost the same tool. In fact, most professionals these days use hashcat w/ multiple GPUs as it is faster than JtR. They justified hashcat being used in Attack 2 and not Attack 3 just because the question mentioned "hash"? Hashcat can also be used on Attack 3. What a load of bullshit
Yep, it's dictionary attack by the book. ChatGPT: In the context of using "rockyou.txt.gz" for a dictionary attack, it's not a brute force attack because the attacker isn't trying every possible combination of characters. Instead, they're using a list of commonly used passwords and words.
I don’t understand how the second one is not a dictionary attack if the attacker is using the rockyou wordlist. Brute force would mean you are using every possible combination.
The hybrid one is a little iffy, would you technically be bruteforcing?? Seems like just a dictionary attack to me, just MAYBE adding characters to each line for the salt. (As we are using the file from haveibeenpwned). That was tough 😂 good work boss
How is Attack 2 not a dictionary attack? The attacker literally used rockyou, a wordlist, as their dictionary for the attack? I thought brute-force attacks are about trying every possible combination of characters, and NOT using a wordlist like rockyou?
@@iSgapettiI believe since it had keywords like “tool several hours to recreate” meaning it’s more of a brute force. I agree I would not have picked it though. That’s why we gotta watch these and learn how to answer the CompTIA questions and not necessarily how we would answer. So many questions have multiple “correct” answers but there is always the one they are looking for.
Yes, I always skip and go back. After you finish the last question a window appears with 1-90 so u can click 1 and do the pbqs. Helps with stress and time management
@@tim57564I’ve also heard people say “tag” a question for later. Is there a button to click for each question or is there a visual aid to see what questions remain once you choose an answer to the last question?
@@Squatch76 yes when you are done with the last question they bring you to a screen with all of the questions, and you can see which ones you flagged. You can also jump from one question to another.
I don't see those tools listed in the objectives anywhere. How are we supposed to know what tools to be familiar with?
"Jovan Hayden: Each time I watch your videos I feel nervous about taking the sec+ but I keep learning so fingers crossed"
Me too!
I can't believe they actually used "pwned"....
Great videos, I am going through all your PBQ's after failing the Sec+ by 10 points due to these questions. Surely next attempt will be a pass!
Hi, did you retake the exams, do they let you skip the pbq's and were they similar to the questions on here ?
CompTIA's semantics really grinds my gears sometimes. How is Attack 2 not a dictionary attack? The attacker literally used rockyou, a wordlist, as their dictionary for the attack?
I thought brute-force attacks are about trying every possible combination of characters, and NOT using a wordlist like rockyou?
Also hashcat and john the ripper are almost the same tool. In fact, most professionals these days use hashcat w/ multiple GPUs as it is faster than JtR. They justified hashcat being used in Attack 2 and not Attack 3 just because the question mentioned "hash"? Hashcat can also be used on Attack 3. What a load of bullshit
same problem here
Yep, it's dictionary attack by the book.
ChatGPT: In the context of using "rockyou.txt.gz" for a dictionary attack, it's not a brute force attack because the attacker isn't trying every possible combination of characters. Instead, they're using a list of commonly used passwords and words.
How tf are we supposed to answer a question like this in 1-5 minutes. I hate these questions smh most of this stuff isn’t even in the objectives
exactly
"we should always restart first" Love it
I guess we've heard of the tools now. "Mimikatz vs Windows and Kerberos."
Professor Messer mentioned John the Ripper in one of his videos.
Where can i learn more about these tools thats something new to me. Not in my study guide or any course ive watched
Hi Zachery, I do teach all of these tools in my Security+ course: cyberkrafttraining.com/security-plus-sp/
Thank you
I don’t understand how the second one is not a dictionary attack if the attacker is using the rockyou wordlist. Brute force would mean you are using every possible combination.
Always catch me out with the first few seconds of video just smiling ..I always think "is my sound working?" Great vids though cheers!
Will this kind of question be asked in the 701?
Good video, thanks!
Next out of touch pbq, those tools arent even mentioned in objective list
The hybrid one is a little iffy, would you technically be bruteforcing?? Seems like just a dictionary attack to me, just MAYBE adding characters to each line for the salt. (As we are using the file from haveibeenpwned). That was tough 😂 good work boss
How is Attack 2 not a dictionary attack? The attacker literally used rockyou, a wordlist, as their dictionary for the attack?
I thought brute-force attacks are about trying every possible combination of characters, and NOT using a wordlist like rockyou?
@@iSgapettiI believe since it had keywords like “tool several hours to recreate” meaning it’s more of a brute force. I agree I would not have picked it though. That’s why we gotta watch these and learn how to answer the CompTIA questions and not necessarily how we would answer. So many questions have multiple “correct” answers but there is always the one they are looking for.
Wow, I hope I don't get one like this.
is it possible to skip PBQ question on the exam and then return to answer it later ?
Yes, I always skip and go back. After you finish the last question a window appears with 1-90 so u can click 1 and do the pbqs. Helps with stress and time management
@@tim57564I’ve also heard people say “tag” a question for later. Is there a button to click for each question or is there a visual aid to see what questions remain once you choose an answer to the last question?
@@Squatch76 yes when you are done with the last question they bring you to a screen with all of the questions, and you can see which ones you flagged. You can also jump from one question to another.
@@jorgevalencia6926 amazing I was hoping that was the case. Thanks very much for the info. Taking this exam in a couple weeks.
Thanks for posting! Why would both a root and secure cert be needed? Please feel free to pretend like you're speaking to an 8-year-old with reply.
Good question
Pwned!
These are the most poorly written prompts I have ever seen in my life lol