CISSP · Question #1392
CISSP Question #1392: Real Exam Question with Answer & Explanation
The correct answer is B: Pass the ticket.
Question
An authentication system that uses challenge and response was recently implemented on an organization's network, because the organization conducted an annual penetration test showing that testers were able to move laterally using authenticated credentials. Which attack method was MOST likely used to achieve this?
Options
- A. Cross-Site Scripting (XSS)
- B. Pass the ticket
- C. Brute force
- D. Hash collision
Explanation
Pass the ticket is an attack against Kerberos, the ticket-based network authentication protocol used in Active Directory and similar environments. An attacker who has already compromised a host extracts valid Kerberos tickets (a user's ticket-granting ticket or service tickets, together with their session keys) from that host's memory and presents them from another machine to impersonate the user to other services. Because a ticket is accepted on possession alone for as long as it remains valid, the attacker never needs the user's password, which is exactly how testers move laterally with "authenticated credentials" without cracking anything, and how privileges are escalated as higher-value tickets are harvested along the way. The other options do not fit the scenario: XSS targets browsers and web sessions rather than network authentication, brute force would point to weak passwords rather than stolen authentication material, and a hash collision is a cryptographic weakness, not a lateral-movement technique. A challenge-and-response scheme addresses the weakness the test exposed: the verifier sends a fresh, unpredictable value (the challenge) and accepts only a response computed from that challenge and a secret the legitimate party holds, such as a keyed hash of the challenge. A response captured in one session is useless against the next challenge, so possession of stolen authentication material alone no longer proves identity; the party must demonstrate knowledge of the secret each time.
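The contrast in the explanation, possession of a bearer ticket versus proof of a secret against a fresh challenge, is easiest to see in code. The following is an added toy model, not part of the original question or any real Kerberos implementation: the service classes, the HMAC-SHA256 response function and the sample user and secret are all constructed for illustration. It shows that a ticket copied from a compromised host is accepted by a possession-only service, while a response captured from a challenge-response exchange fails when replayed against a new challenge.

```python
"""Toy comparison of bearer-ticket authentication and challenge-response.

Constructed example for illustration only; this is not Kerberos and the
secret below is not a real credential.
"""
import hashlib
import hmac
import os

# Constructed sample data: one user and a secret shared only between the
# legitimate client and the authentication server.
SHARED_SECRETS = {"alice": b"demo-shared-secret-for-alice"}


class BearerTicketService:
    """Models a service that trusts whoever presents a valid ticket."""

    def __init__(self):
        self._valid = {}

    def issue(self, user):
        # The ticket is random and unguessable, yet it is still a bearer token.
        ticket = os.urandom(16)
        self._valid[ticket] = user
        return ticket

    def access(self, ticket):
        # No proof of the secret is required: possession is identity.
        return self._valid.get(ticket)


class ChallengeResponseService:
    """Models a verifier that demands proof of the secret on every login."""

    def __init__(self, secrets):
        self._secrets = secrets
        self._pending = {}

    def challenge(self, user):
        # A fresh, unpredictable challenge is issued per attempt.
        nonce = os.urandom(16)
        self._pending[user] = nonce
        return nonce

    def verify(self, user, response):
        # Each challenge is single use: consume it whether or not the
        # response is correct, so a stale response cannot be retried.
        nonce = self._pending.pop(user, None)
        if nonce is None or user not in self._secrets:
            return False
        expected = hmac.new(self._secrets[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_respond(secret, nonce):
    """Legitimate client: keyed hash of the challenge under the shared secret."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def bearer_replay_succeeds():
    """Attacker copies alice's ticket from a compromised host and reuses it."""
    svc = BearerTicketService()
    ticket = svc.issue("alice")        # alice authenticates and receives a ticket
    stolen = bytes(ticket)             # attacker lifts the ticket from memory
    return svc.access(stolen) == "alice"  # service accepts the attacker as alice


def challenge_response_login_succeeds():
    """Legitimate login: response computed from the secret and the live challenge."""
    svc = ChallengeResponseService(SHARED_SECRETS)
    nonce = svc.challenge("alice")
    return svc.verify("alice", client_respond(SHARED_SECRETS["alice"], nonce))


def challenge_response_replay_fails():
    """Attacker captures one valid response and replays it against a new challenge."""
    svc = ChallengeResponseService(SHARED_SECRETS)
    nonce = svc.challenge("alice")
    captured = client_respond(SHARED_SECRETS["alice"], nonce)
    svc.verify("alice", captured)      # alice's own login consumes this challenge
    svc.challenge("alice")             # attacker triggers a new login attempt
    return not svc.verify("alice", captured)  # stale response is rejected


if __name__ == "__main__":
    print("bearer ticket replay accepted:", bearer_replay_succeeds())
    print("challenge-response login ok:", challenge_response_login_succeeds())
    print("challenge-response replay rejected:", challenge_response_replay_fails())
```

The bearer service is the model for the weakness pass-the-ticket exploits: the ticket is unguessable, but nothing ties its use to knowledge of the secret, so a copy is as good as the original until it expires. The challenge-response service makes the captured material worthless outside the exchange it was produced for. In a real deployment the secret would live in a hardware token or smart card rather than a Python dictionary, so that compromising the host does not also hand the attacker the secret needed to answer the next challenge.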