ExamTopics Logo
Mail Us[email protected]
Menu
Isc Discussions
exam questions

Exam CISSP All Questions

View all questions & answers for the CISSP exam
Go to Exam

Exam CISSP topic 1 question 77 discussion

Actual exam question from ISC's CISSP
Question #: 77
Topic #: 1
[All CISSP Questions]

An authentication system that uses challenge and response was recently implemented on an organization's network, because the organization conducted an annual penetration test showing that testers were able to move laterally using authenticated credentials. Which attack method was MOST likely used to achieve this?

  • A. Hash collision
  • B. Pass the ticket
  • C. Brute force
  • D. Cross-Site Scripting (XSS)
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by kptest12 at Oct. 10, 2022, 5:37 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Bach1968
Highly Voted 10 months, 1 week ago
Selected Answer: B
Based on the given scenario, the attack method that was MOST likely used to achieve lateral movement using authenticated credentials is the "Pass the ticket" attack (Option B). In a Pass the Ticket attack, an attacker acquires a valid ticket-granting ticket (TGT) or session key from a compromised account or system and uses it to authenticate and impersonate a legitimate user. This allows the attacker to gain unauthorized access to other systems and move laterally within the network without the need for further authentication. It is a common technique used in advanced persistent threats (APTs) to maintain persistent access and expand control within a network.
upvoted 5 times
...
BigITGuy
Most Recent 1 month, 1 week ago
Selected Answer: A
Not A. Hash collision is more related to compromising cryptographic hashes, not typically used for lateral movement via authentication credentials.
upvoted 1 times
...
HughJassole
10 months, 3 weeks ago
B: Pass the ticket. "Pass the Ticket is a credential theft technique that enables adversaries to use stolen Kerberos tickets to authenticate to resources (e.g., file shares and other computers) as a user without having to compromise that user’s password. Adversaries often use this technique to move laterally through an organization’s network to hunt for opportunities to escalate their privileges or fulfill their mission. " https://www.netwrix.com/pass_the_ticket.html
upvoted 3 times
...
DapengZhang
1 year, 1 month ago
Selected Answer: A
Didn't see any clue about ticket or Kerberos from question itself. Lateral movement refers to the techniques that a cyberattacker uses, after gaining initial access, to move deeper into a network in search of sensitive data and other high-value assets. https://www.crowdstrike.com/cybersecurity-101/lateral-movement/ How to get an initial access in a Challenge and response auth? hash collision.
upvoted 1 times
J_Ko
1 month, 1 week ago
The CHAP system was installed because of pentest, which implies it was not there when the test was done.
upvoted 1 times
...
jackdryan
1 year ago
B is correct
upvoted 1 times
...
...
somkiatr
1 year, 4 months ago
Selected Answer: A
Challenge and response authentication has no ticket. For example, CHAP uses password hashing (MD5 ) and now is considered broken with hash collision. Kerberos is not challenge and response protocol.
upvoted 2 times
somkiatr
1 year, 4 months ago
Pass-the-ticket is an authentication exploit which involves using stolen Kerberos tickets to authenticate to a domain without the account’s password. Also known as the forged ticket attack, it is one of the common and effective techniques to move laterally within a network. The valid Kerberos tickets can be extracted from the lsass memory on a system. Depending on the level of access in a system, the attacker can get hold of the user’s service tickets or ticket granting ticket (TGT) . While the TGT can be used to get the required service tickets from the Ticket Granting Server, the service tickets are the actual key to access specific critical server or service in the network. The two popular exploits in this technique are Silver ticket and Golden ticket. Silver Tickets are used to generate service tickets to access a particular service like MS SQL and the system that hosts the service . Golden tickets on the other hand, are used to generate TGTs for any account in Active Directory.
upvoted 5 times
J_Ko
1 month, 1 week ago
the question states the chap system was installed AFTER the test. So that implies it was not there when the later movement happend.
upvoted 1 times
...
...
jbell
1 year ago
Kerberos uses a nonce in challenge response process. https://www.ietf.org/rfc/rfc4120.txt . Answer B.
upvoted 1 times
...
...
sec_007
1 year, 6 months ago
Selected Answer: B
https://www.qomplx.com/qomplx-knowledge-pass-the-ticket-attacks-explained/
upvoted 2 times
...
franbarpro
1 year, 7 months ago
"Pass the Hash" beby - Oooh wait is Kerboros, well let's "Pass the ticket" then!
upvoted 1 times
...
kptest12
1 year, 7 months ago
Selected Answer: B
A common exploit, called pass the ticket, is the process of an attacker forging a ticket and passing it along to authenticate to a resource.
upvoted 4 times
Jamati
1 year, 6 months ago
With pass the ticket the hacker does not forge a ticket, they simply steal existing ones. It's the Silver Ticket attack where tickets are forged.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago