CompTIA PenTest+ (PT0-002) — Question 371

A penetration tester managed to access an internal Windows workstation for a target company. The tester used Mimikatz during the post exploitation of this compromised host. Which of the following would be a relevant reason for the tester to use this tool?

Answer options

• A. When a network device was compromised and the tester wants to have persistence on the network
• B. When a computer or server was compromised and the tester wants to move laterally
• C. When the tester wants to test reactions to ransomware infections on servers and computers
• D. When the tester wants to crack and capture password hashes

Correct answer: D

Explanation

Mimikatz is primarily used to extract and manipulate authentication credentials from Windows systems, making option D the most relevant reason for its use. The other options do not align with the specific capabilities of Mimikatz, as they focus on persistence and lateral movement rather than credential extraction.