CompTIA Security+ (SY0-601) — Question 785
An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?
Answer options
- A. Privilege escalation
- B. Buffer overflow
- C. SQL injection
- D. Pass-the-hash
Correct answer: D
Explanation
The correct answer is D, Pass-the-hash, because the attacker reused the credentials scraped from the PC's memory, without cracking them, to move laterally to other parts of the network. Option A, Privilege escalation, involves gaining higher access rights, which is not described in this scenario. Options B and C, Buffer overflow and SQL injection, are different types of vulnerabilities and attacks that do not match the actions taken by the attacker in this case.