ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT0-002 All Questions

View all questions & answers for the PT0-002 exam
Go to Exam

Exam PT0-002 topic 1 question 235 discussion

Actual exam question from CompTIA's PT0-002
Question #: 235
Topic #: 1
[All PT0-002 Questions]

A penetration tester has extracted password hashes from the lsass.exe memory process. Which of the following should the tester perform NEXT to pass the hash and provide persistence with the newly acquired credentials?

  • A. Use Patator to pass the hash and Responder for persistence.
  • B. Use Hashcat to pass the hash and Empire for persistence.
  • C. Use a bind shell to pass the hash and WMI for persistence.
  • D. Use Mimikatz to pass the hash and PsExec for persistence.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Frog_Man at Feb. 22, 2023, 12:04 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
cy_analyst
Highly Voted 1 year, 5 months ago
Selected Answer: D
Mimikatz is a popular tool used for extracting password hashes from Windows memory. It can also be used to pass the hash, which allows an attacker to authenticate to a system without knowing the actual password, using only the extracted password hash. PsExec is a Windows tool that allows for remote command execution, making it a good option for establishing persistence using the newly acquired credentials.
upvoted 5 times
cy_analyst
1 year, 4 months ago
I also think that the same "job" can be done with answer B
upvoted 2 times
...
...
solutionz
Most Recent 1 year ago
Selected Answer: D
D. Use Mimikatz to pass the hash and PsExec for persistence. The other options combine tools and techniques that don't align with the task described or are not typically used for the purposes of passing the hash and creating persistence.
upvoted 1 times
...
nickwen007
1 year, 5 months ago
lsass.exe is a Windows process that is responsible for local security authentication and authorization. It is necessary for normal system operation and should not be terminated unless absolutely necessary. However, it can be targeted by malicious actors as it is responsible for verifying credentials, making it a prime target for attacks like Pass-the-Hash or similar credential harvesting techniques. It is important to practice good cyber security hygiene to protect systems against these types of attacks.
upvoted 1 times
...
zimuz
1 year, 5 months ago
Selected Answer: D
d for chat gpt
upvoted 3 times
...
kloug
1 year, 5 months ago
dddddddddd
upvoted 3 times
...
Frog_Man
1 year, 5 months ago
B - from Wikipedia
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel