CISSP Practice Exam 2025 – Complete Prep Guide

Question: 1 / 1980

What is a dictionary attack?

A method of exploiting software bugs

A form of attack using common passwords to guess a secret

An attack against network services

A technique for intercepting network traffic

A dictionary attack is a method used primarily to gain unauthorized access to accounts by systematically entering every word in a predefined list, known as a dictionary. This list typically contains common passwords, phrases, or variations thereof, making the approach focused on exploiting weak or easily guessable passwords. The logic behind this technique is straightforward; many users choose simple, predictable passwords that are found in dictionaries.

In this context, the attack leverages the fact that individuals frequently opt for words, names, or common phrases, which are easily derived from these lists. Consequently, the attack can be particularly effective against users who demonstrate poor password hygiene by failing to create complex, unique passwords.

The other options reflect different types of cyber attacks or tactics. For instance, exploiting software bugs refers to vulnerability exploitation rather than password guessing, which is unrelated to the mechanics of a dictionary attack. An attack against network services focuses more on disrupting service availability or targeting specific functions of networked systems, while intercepting network traffic involves techniques such as packet sniffing rather than attempting unauthorized access through user credentials. Hence, while all options describe forms of cyber attacks, only the option describing the use of common passwords accurately defines a dictionary attack.
