CompTIA PenTest+ (PT0-002) — Question 5

A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?

Answer options

• A. VRFY and EXPN
• B. VRFY and TURN
• C. EXPN and TURN
• D. RCPT TO and VRFY

Correct answer: A

Explanation

The correct commands for enumerating user accounts on an SMTP server are VRFY and EXPN, as they allow the tester to verify the existence of user accounts and retrieve mailing lists, respectively. The other options either include commands that do not provide user account information or are not relevant to the enumeration task.