CompTIA PenTest+ (PT0-001) — Question 195

A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?

Answer options

• A. dsrm -users ג€DN=company.com; OU=hq CN=usersג€
• B. dsuser -name -account -limit 3
• C. dsquery user -inactive 3
• D. dsquery -o -rdn -limit 21

Correct answer: D

Explanation

The correct answer is D because the 'dsquery -o -rdn -limit 21' command is specifically designed to list user accounts that have not been active for a specified period. Option A is incorrect as it attempts to remove users, not query them. Option B does not address the inactivity of accounts, and Option C limits the search to 3 inactive users, which is not what is needed.