Online attacks require real-time interaction with a target system (e.g., a login interface), whereas
offline attacks occur without direct system interaction, typically after obtaining data like password
hashes. A rainbow table attack is an offline method that uses precomputed tables of hash values to
recover passwords from stolen hash databases. This distinguishes it from the other options,
which are online.

Why B is correct: Rainbow table attacks are performed offline after an attacker has already acquired a
hash (e.g., from a compromised database). The attacker matches the hash against precomputed
tables to find the plaintext password, requiring no interaction with the target system during the
attack. CNSP classifies this as an offline password recovery technique.

Why other options are incorrect:
A: Brute force attacks involve repeatedly submitting password guesses to a live system (e.g., via SSH
or a web login), making them online attacks.
C: Password spraying attacks test a few common passwords across many accounts on a live system;
this is also an online attack, one aimed at avoiding lockouts.
D: Phishing attacks trick users into submitting credentials through fake interfaces (e.g., emails or
websites), requiring real-time interaction and thus classified as online.

Reference: CNSP "Password Attack Methodologies" (Section on Online vs. Offline Attacks) defines
rainbow table attacks as offline and contrasts them with online methods like brute force and
phishing.
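
The offline matching step described under "Why B is correct", shown from the defender's side as an added example (not part of the original answer or of CNSP material). It uses a plain precomputed lookup table as a simplified stand-in for a rainbow table, which compresses the same precomputation with hash chains. The wordlist, the sample records, and the choice of PBKDF2 with a per-user salt as the hardened scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; a real precomputed table covers a far larger keyspace.
CANDIDATES = ["123456", "password", "letmein", "Summer2024!", "qwerty"]


def unsalted_hash(password: str) -> str:
    """Weak storage scheme: plain SHA-256, identical for every user with this password."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_table(candidates):
    """Precompute hash -> plaintext once; reusable against any unsalted SHA-256 dump."""
    return {unsalted_hash(p): p for p in candidates}


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """Hardened scheme (assumed here): per-user random salt plus PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def verify(password: str, salt: bytes, stored: str) -> bool:
    """Legitimate login check against the salted record (constant-time compare)."""
    return hmac.compare_digest(salted_hash(password, salt), stored)


def demo():
    table = build_table(CANDIDATES)
    # Constructed records for the same password under both storage schemes.
    weak_record = unsalted_hash("letmein")
    salt = os.urandom(16)
    strong_record = salted_hash("letmein", salt)
    return {
        # Pure dictionary lookup: no login attempts, so nothing appears in auth logs.
        "weak_recovered": table.get(weak_record),
        # The table was not built for this salt, so the precomputation is useless.
        "strong_recovered": table.get(strong_record),
        "login_still_works": verify("letmein", salt, strong_record),
    }


if __name__ == "__main__":
    print(demo())
```

Because the lookup never touches the login interface, lockout thresholds and failed-login alerting do not see it; the control that matters is how the hashes are stored.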