ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT0-002 All Questions

View all questions & answers for the PT0-002 exam
Go to Exam

Exam PT0-002 topic 1 question 450 discussion

Actual exam question from CompTIA's PT0-002
Question #: 450
Topic #: 1
[All PT0-002 Questions]

During the reconnaissance phase, a penetration tester runs the following command:

sudo responder -I tun0

The result of the command is a list of NTLMv2 hashes. Which of the following should the penetration tester do next?

  • A. Use the hash in a password spraying attack.
  • B. Use the hashes in a collision attack.
  • C. Attempt to pass the hash with CrackMapExec.
  • D. Crack the hash with Hashcat.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Snagggggin at Jan. 28, 2025, 6:50 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kinny4000
2 months, 2 weeks ago
Selected Answer: D
The NTLMv2 hash cannot be used in a Pass-the-Hash (PtH) attack directly because it includes a challenge-response mechanism.
upvoted 1 times
...
Snagggggin
2 months, 3 weeks ago
Selected Answer: D
D is correct.
upvoted 4 times
...
Snagggggin
2 months, 3 weeks ago
Selected Answer: C
I would argue that passing the hash is much quicker and there is no guarantee the hash can be cracked. I believe it would be better to first attempt passing the hash and getting into the machine, if unsuccessful then you can easily pivot to cracking the hash.
upvoted 2 times
Snagggggin
2 months, 3 weeks ago
I take this back, after reading this the key word here is "reconnaissance phase" by passing the hash you are attempting an unauthorized access exploit which would not be part of reconnaissance.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago