🔥 3-day streak
CompTIA SecurityX (CAS-005)102 / 120
Question 102 of 120

During a proactive threat hunt, an analyst reviews Kerberos authentication telemetry from domain controllers. They discover a Ticket Granting Ticket (TGT) with a validity lifetime of 10 years being used to request service tickets across multiple servers, and the associated account SID history contains entries that do not match any current group membership. The account's password was last changed six months ago, yet the ticket appears freshly issued. Which conclusion best fits this evidence, and what should the analyst prioritize next?

Reviewed for accuracy · Report an issueNext question