Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Isc Discussions

Exam CISSP topic 1 question 77 discussion

Actual exam question from ISC's CISSP
Question #: 77
Topic #: 1
[All CISSP Questions]

An authentication system that uses challenge and response was recently implemented on an organization's network, because the organization conducted an annual penetration test showing that testers were able to move laterally using authenticated credentials. Which attack method was MOST likely used to achieve this?

  • A. Hash collision
  • B. Pass the ticket
  • C. Brute force
  • D. Cross-Site Scripting (XSS)
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by kptest12 at Oct. 10, 2022, 5:37 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Bach1968
9 months, 3 weeks ago
Selected Answer: B
Based on the given scenario, the attack method that was MOST likely used to achieve lateral movement using authenticated credentials is the "Pass the ticket" attack (Option B). In a Pass the Ticket attack, an attacker acquires a valid ticket-granting ticket (TGT) or session key from a compromised account or system and uses it to authenticate and impersonate a legitimate user. This allows the attacker to gain unauthorized access to other systems and move laterally within the network without the need for further authentication. It is a common technique used in advanced persistent threats (APTs) to maintain persistent access and expand control within a network.
upvoted 2 times
...
HughJassole
10 months, 1 week ago
B: Pass the ticket. "Pass the Ticket is a credential theft technique that enables adversaries to use stolen Kerberos tickets to authenticate to resources (e.g., file shares and other computers) as a user without having to compromise that user’s password. Adversaries often use this technique to move laterally through an organization’s network to hunt for opportunities to escalate their privileges or fulfill their mission. " https://www.netwrix.com/pass_the_ticket.html
upvoted 1 times
...
DapengZhang
1 year, 1 month ago
Selected Answer: A
Didn't see any clue about ticket or Kerberos from question itself. Lateral movement refers to the techniques that a cyberattacker uses, after gaining initial access, to move deeper into a network in search of sensitive data and other high-value assets. https://www.crowdstrike.com/cybersecurity-101/lateral-movement/ How to get an initial access in a Challenge and response auth? hash collision.
upvoted 1 times
jackdryan
11 months, 2 weeks ago
B is correct
upvoted 1 times
...
...
somkiatr
1 year, 4 months ago
Selected Answer: A
Challenge and response authentication has no ticket. For example, CHAP uses password hashing (MD5 ) and now is considered broken with hash collision. Kerberos is not challenge and response protocol.
upvoted 2 times
jbell
1 year ago
Kerberos uses a nonce in challenge response process. https://www.ietf.org/rfc/rfc4120.txt . Answer B.
upvoted 1 times
...
somkiatr
1 year, 4 months ago
Pass-the-ticket is an authentication exploit which involves using stolen Kerberos tickets to authenticate to a domain without the account’s password. Also known as the forged ticket attack, it is one of the common and effective techniques to move laterally within a network. The valid Kerberos tickets can be extracted from the lsass memory on a system. Depending on the level of access in a system, the attacker can get hold of the user’s service tickets or ticket granting ticket (TGT) . While the TGT can be used to get the required service tickets from the Ticket Granting Server, the service tickets are the actual key to access specific critical server or service in the network. The two popular exploits in this technique are Silver ticket and Golden ticket. Silver Tickets are used to generate service tickets to access a particular service like MS SQL and the system that hosts the service . Golden tickets on the other hand, are used to generate TGTs for any account in Active Directory.
upvoted 5 times
...
...
sec_007
1 year, 6 months ago
Selected Answer: B
https://www.qomplx.com/qomplx-knowledge-pass-the-ticket-attacks-explained/
upvoted 2 times
...
franbarpro
1 year, 6 months ago
"Pass the Hash" beby - Oooh wait is Kerboros, well let's "Pass the ticket" then!
upvoted 1 times
...
kptest12
1 year, 6 months ago
Selected Answer: B
A common exploit, called pass the ticket, is the process of an attacker forging a ticket and passing it along to authenticate to a resource.
upvoted 4 times
Jamati
1 year, 5 months ago
With pass the ticket the hacker does not forge a ticket, they simply steal existing ones. It's the Silver Ticket attack where tickets are forged.
upvoted 1 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel