CompTIA PenTest+ (PT0-003) — Question 88
During an assessment, a penetration tester compromises some machines but finds that none of the accounts have sufficient access to the target HR database server. In order to enumerate accounts with sufficient permissions, the tester wants to model an attack path before taking further action. Which of the following tools should the tester use to meet this objective?
Answer options
- A. Responder
- B. Mimikatz
- C. Hydra
- D. BloodHound
- E. TruffleHog
Correct answer: D
Explanation
BloodHound is specifically designed to analyze Active Directory relationships and permissions, making it ideal for mapping attack paths and identifying accounts with elevated privileges. Other tools like Responder, Mimikatz, Hydra, and TruffleHog serve different purposes, such as credential harvesting or password cracking, and are not focused on modeling attack paths within Active Directory.