CompTIA PenTest+ (PT0-001) — Question 7
In which of the following scenarios would a tester perform a Kerberoasting attack?
Answer options
- A. The tester has compromised a Windows device and dumps the LSA secrets.
- B. The tester needs to retrieve the SAM database and crack the password hashes.
- C. The tester has compromised a limited-privilege user and needs to target other accounts for lateral movement.
- D. The tester has compromised an account and needs to dump hashes and plaintext passwords from the system.
Correct answer: C
Explanation
The correct answer is C because Kerberoasting extracts service tickets in order to exploit weak service account passwords. Options A, B, and D do not involve service tickets; Kerberoasting specifically targets service accounts for lateral movement.