PT0-003 · Question #221
PT0-003 Question #221: Real Exam Question with Answer & Explanation
The correct answer is A: Crack user accounts using compromised hashes.
Question
During a security assessment, a penetration tester wants to compromise user accounts without triggering IDS/IPS detection rules. Which of the following is the most effective way for the tester to accomplish this task?
Options
- A. Crack user accounts using compromised hashes.
- B. Brute force accounts using a dictionary attack.
- C. Bypass authentication using SQL injection.
- D. Compromise user accounts using an XSS attack.
Explanation
To avoid triggering IDS/IPS alerts, the attacker should use offline cracking on compromised hashes rather than direct brute-force attempts. Crack user accounts using compromised hashes: hashes can be cracked offline using tools like Hashcat or John the Ripper. Because this involves no direct login attempts, it avoids detection by security systems.