Practice Test Question – Pass-the-Hash Attack

Practice Test Question – Pass-the-Hash Attack

Practice Test Question – Pass-the-Hash Attack

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Which one of the following types of access is necessary to engage in a pass-the-hash attack?

A. Access to a domain workstation
B. Access to a domain controller
C. Access to a network segment
D. Access to a public website

Correct Answer: A

In a pass-the-hash attack, the attacker must gain access to hashed Windows account passwords. This is possible by gaining access to a Windows workstation where the target user logs into his or her domain account. Access to a domain controller is not necessary. Access to a network segment or public website is not sufficient because hashed passwords are not generally found in those locations in unencrypted form.

Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!

No Comments

Post A Comment