312-50V12 Question #170: Real Exam Question with Answer & Explanation

The correct answer is D: Request a service ticket for the service principal name of the target service account. To perform a Kerberoasting attack after obtaining a TGT, the analyst must first request a service ticket for the target service principal name (SPN). This action will return an encrypted service ticket containing a hash that can then be cracked offline.

Submitted by yuki_2020 · Mar 4, 2026 · System Hacking Phases and Attack Techniques

Question

A network security analyst, while conducting penetration testing, is aiming to identify a service account password using the Kerberos authentication protocol. They have a valid user authentication ticket (TGT) and decided to carry out a Kerberoasting attack. In the scenario described, which of the following steps should the analyst take next?

Options

  • A. Carry out a passive wire sniffing operation using Internet packet sniffers
  • B. Perform a PRobability INfinite Chained Elements (PRINCE) attack
  • C. Extract plaintext passwords, hashes, PIN codes, and Kerberos tickets using a tool like Mimikatz
  • D. Request a service ticket for the service principal name of the target service account

Explanation

To perform a Kerberoasting attack after obtaining a TGT, the analyst must first request a service ticket for the target service principal name (SPN). This action will return an encrypted service ticket containing a hash that can then be cracked offline.

Common mistakes.

  • A. Carrying out a passive wire sniffing operation is a general network analysis technique but does not actively generate the specific Kerberos service ticket needed for a Kerberoasting attack to obtain the target service account's hash.
  • B. A PRINCE attack is an advanced password cracking methodology used to guess passwords from a dictionary or list, and it is performed after the service account hash has been obtained, not as a step to acquire the hash itself.
  • C. Extracting plaintext passwords, hashes, or tickets using tools like Mimikatz is often done after a Kerberos service ticket has been obtained and imported, or to dump credentials already present in memory, but the immediate next step in Kerberoasting is to generate the service ticket to be cracked.

Concept tested. Kerberoasting attack methodology and steps

Reference. https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-kerberos-and-active-directory

Topics

#Kerberoasting #Kerberos #password cracking #active directory attacks
