24 Jun Practice Test Question – Pass-the-Hash Attack
Which one of the following types of access is necessary to engage in a pass-the-hash attack?
A. Access to a domain workstation
B. Access to a domain controller
C. Access to a network segment
D. Access to a public website
Correct Answer: A
In a pass-the-hash attack, the attacker must gain access to hashed Windows account passwords. This is possible by gaining access to a Windows workstation where the target user logs into his or her domain account. Access to a domain controller is not necessary. Access to a network segment or public website is not sufficient because hashed passwords are not generally found in those locations in unencrypted form.