PT0-003 Question #269: Real Exam Question with Answer & Explanation
The correct answer is C: nltest.exe.
Question
A penetration tester obtained a shell on a Windows system. Which of the following would the tester use to gather more information about the host?
Options
- A. mmc.exe
- B. icacls.exe
- C. nltest.exe
- D. winver.exe
Explanation
nltest.exe (Option C) is correct because it is a command-line utility used to query domain and network information, such as domain controllers, trust relationships, and site configurations - making it highly valuable for a penetration tester performing reconnaissance after gaining initial access to a Windows system.
Why the others are wrong:
- mmc.exe (Microsoft Management Console) is a GUI-based administrative tool used to manage system components, not gather host/network intelligence from a shell.
- icacls.exe is used to view and modify file/folder permissions (ACLs), which is useful for privilege escalation research but doesn't broadly enumerate host or domain information.
- winver.exe simply displays the Windows version in a graphical dialog box - minimal reconnaissance value and not practical from a shell context.
Memory Tip: Think of nl in nltest as standing for "Network Lookup" - it's the tool penetration testers use to test and enumerate network/domain relationships after landing on a Windows machine. If you're in a shell and want to "phone home" to understand the domain landscape, nltest is your go-to.