CompTIA PenTest+ (PT0-001) — Question 158

During the information gathering phase of a network penetration test for the corp.local domain, which of the following commands would provide a list of domain controllers?

Answer options

• A. nslookup ג€"type=srv _ldap._tcp.dc._msdcs.corp.local
• B. nmap ג€"sV ג€"p 389 - -script=ldap-rootdse corp.local
• C. net group ג€Domain Controllersג€ /domain
• D. gpresult /d corp.local /r ג€Domain Controllersג€

Correct answer: A

Explanation

The correct answer is A because the nslookup command with the specified parameters queries the DNS for service records related to domain controllers. Options B, C, and D do not specifically retrieve domain controller information in the same manner, making them less appropriate for this task.