CompTIA PenTest+ (PT0-003) — Question 166

A penetration tester obtains password dumps associated with the target and identifies strict lockout policies. The tester does not want to lock out accounts when attempting access. Which of the following techniques should the tester use?

Answer options

Correct answer: A

Explanation

Credential stuffing is effective in this scenario because it uses previously compromised credentials, here the username and password pairs from the dumps, to log in. Each account sees only the known credentials rather than a run of failed guesses, so the lockout threshold is not reached. In contrast, MFA fatigue relies on overwhelming the user with authentication requests, while dictionary and brute-force attacks attempt to guess passwords and would likely result in account lockouts under the strict policies.