CompTIA PenTest+ (PT1-002) — Question 25

A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?

Answer options

• A. VRFY and EXPN
• B. VRFY and TURN
• C. EXPN and TURN
• D. RCPT TO and VRFY

Correct answer: A

Explanation

The correct answer is A, as the VRFY command verifies if a specific user account exists on the server, while the EXPN command expands a mailing list to show all its members. Options B and C include the TURN command, which is not relevant for user enumeration, and option D includes RCPT TO, which is primarily used for specifying the recipient of an email rather than verifying user accounts.