🔥 3-day streak
CompTIA PenTest+ (PT0-003)4 / 175
Question 4 of 175

During an internal engagement, a penetration tester queries Active Directory and discovers several user accounts that have the 'Do not require Kerberos preauthentication' flag set. The tester wants to leverage this misconfiguration to obtain crackable credential material without needing any valid domain account authentication first. Which attack technique should the tester use?

Reviewed for accuracy · Report an issueNext question