Exam PT0-002 topic 1 question 440 discussion

Actual exam question from CompTIA's PT0-002
Question #: 440
Topic #: 1

A penetration tester obtains the hash of a service account within a customer’s Active Directory. Which of the following attacks should the penetration tester attempt next?

  • A. Password spraying
  • B. Golden ticket
  • C. Cache poisoning
  • D. Kerberoasting
Suggested Answer: D

Comments

Ric350
1 month, 2 weeks ago
Selected Answer: A
The next step should be to pass the hash once you've obtained the hash. But that is not an option here hence my choice for A.
upvoted 1 times
Ric350
1 month, 2 weeks ago
Selected Answer: A
Kerberoasting is a post-exploitation attack used in Microsoft Active Directory environments to obtain password hashes for service accounts. The question states the pen tester already obtained the hash of the service account. So there is no need for kerberoasting. It's asking what would be the next step now that the hash of the service account has been obtained. Or am I just not reading/understanding this correctly?
upvoted 2 times
study_study
3 weeks, 1 day ago
I think I agree with your answer, as it makes the most sense when thinking about pen testing. Poor question though in my opinion.
upvoted 1 times
Snagggggin
2 months, 3 weeks ago
Selected Answer: D
D. Kerberoasting

Kerberoasting involves requesting a service ticket for the service account from the Kerberos Key Distribution Center (KDC). The ticket is then encrypted with the service account's password. By capturing the ticket and attempting to crack it offline, the tester can potentially recover the account's plaintext password.

Here's why the other options are less suitable in this context:

  • A. Password spraying: This involves trying common passwords against many accounts to avoid lockouts, but it doesn't leverage the obtained hash.
  • B. Golden ticket: This attack requires the hash of the KRBTGT account, not a service account.
  • C. Cache poisoning: Typically targets DNS or ARP caches, unrelated to the scenario of having a service account hash.
upvoted 1 times
Ric350
1 month, 2 weeks ago
But Kerberoasting is a post-exploitation attack used in Microsoft Active Directory environments to obtain password hashes for service accounts. The question states the pen tester already obtained the hash of the service account. So by your own explanation for kerberoasting and how the account's plaintext password can be recovered, I would think that using that password and password spraying to see what other account can be exploited/breached without being detected. This is a pen test exam so this is where my head goes and why I'd think the answer would be A. Would love others' thoughts on this as these options are somewhat flawed here and feel these exams test to see how well you can read and interpret their questions lol.
upvoted 2 times