Exam 312-50v13 topic 1 question 152 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 152
Topic #: 1

A network security analyst, while conducting penetration testing, is aiming to identify a service account password using the Kerberos authentication protocol. They have a valid user authentication ticket (TGT) and decided to carry out a Kerberoasting attack. In the scenario described, which of the following steps should the analyst take next?

  • A. Carry out a passive wire sniffing operation using Internet packet sniffers
  • B. Perform a PRobability INfinite Chained Elements (PRINCE) attack
  • C. Extract plaintext passwords, hashes, PIN codes, and Kerberos tickets using a tool like Mimikatz
  • D. Request a service ticket for the service principal name of the target service account

Suggested Answer: D

Comments

Gibsomd
1 month ago
Selected Answer: D
A Kerberoasting attack is a post-exploitation attack where an attacker with a valid Ticket Granting Ticket (TGT) requests a service ticket (TGS) for a service account in an Active Directory environment. The goal is to obtain a TGS ticket encrypted with the service account’s NTLM hash, which can then be cracked offline to recover the plaintext password.
upvoted 2 times