CompTIA PenTest+ (PT0-003) — Question 3

During a penetration test, a tester captures information about an SPN account. Which of the following attacks requires this information as a prerequisite to proceed?

Answer options

• A. Golden Ticket
• B. Kerberoasting
• C. DCShadow
• D. LSASS dumping

Correct answer: B

Explanation

The correct answer is B, Kerberoasting, as this attack specifically targets service accounts associated with SPNs to obtain their credentials. The other options, such as Golden Ticket, DCShadow, and LSASS dumping, do not directly rely on SPN information to be successful.