During the information gathering phase of a network penetration test for the corp.local domain, which of the following commands would provide a list of domain controllers?
A.
nslookup ג€"type=srv _ldap._tcp.dc._msdcs.corp.local
B.
nmap ג€"sV ג€"p 389 - -script=ldap-rootdse corp.local
C.
net group ג€Domain Controllersג€ /domain
D.
gpresult /d corp.local /r ג€Domain Controllersג€
A should be right.
The Keyword is "information gatherin phase"
so you are not actively engaging with the system, and querying the dns is no activly as far as it concerns the comptia.
the net group command would work after you gained access to a domain joined workstation as well.
And yes sure you could scan with nmap for ldap ports .
But these two are not in the Info-Gathering Phase.
A.
https://www.tecknowledgebase.com/6383/how-you-can-find-out-the-name-and-ip-address-of-the-ad-domain-controller-on-your-network/
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.PT0-001 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
miabe
2 years, 11 months agoMrRiver
3 years, 9 months agosmalltech
4 years ago