Chapter 49 Β· Quiz

Replay Attacks Quiz

6 multiple-choice questions and a matching section. Submit to reveal answers and explanations.

Question 1 of 6
What distinguishes a replay attack from an on-path attack?
Question 2 of 6
In a pass-the-hash attack, what does the attacker capture and subsequently reuse?
Question 3 of 6
Which of the following correctly explains why salting (nonce-based authentication) prevents pass-the-hash replay attacks?
Question 4 of 6
What is session hijacking (sidejacking), and why does it succeed even against users who have authenticated with strong passwords and multi-factor authentication?
Question 5 of 6
Which tool was specifically designed to automate session cookie capture and one-click session hijacking against users on the same open Wi-Fi network, and what was its primary historical significance?
Question 6 of 6
What is the most effective defense against both pass-the-hash and session ID replay attacks conducted over a network?
Matching β€” Replay Attack Concepts
Match each term on the left to its correct description on the right.
1. Replay Attack
2. Pass-the-Hash
3. Session Hijacking
4. Session ID
A. A unique identifier issued by a server after successful authentication, stored in a browser cookie and transmitted with every subsequent request; used to maintain a logged-in session without re-entering credentials
B. A replay attack technique where a captured username and password hash are retransmitted to authenticate as the victim β€” no plaintext password or hash-cracking required
C. An attack where captured legitimate network data is retransmitted later to impersonate the original sender; does not require the attacker to remain in the communication path during the replay
D. An attack where a valid session token captured from network traffic or a browser cookie is used to access a web server as an authenticated user β€” without credentials