Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

CompTIA Exam PT0-002 Topic 4 Question 63 Discussion

Actual exam question for CompTIA's PT0-002 exam
Question #: 63
Topic #: 4
[All PT0-002 Questions]

A penetration tester is performing an assessment for an organization and must gather valid user credentials. Which of the following attacks would be best for the tester to use to achieve this objective?

Show Suggested Answer Hide Answer
Suggested Answer: C

* Deauthentication attacks can force legitimate users to disconnect from a wireless network, prompting them to reconnect and, in the process, capture valid user credentials using a rogue access point or network monitoring tools.

* Details:

A . Wardriving: Involves driving around to discover wireless networks; it does not directly gather user credentials.

B . Captive portal: Requires users to log in but is not an attack method; it is a legitimate method to control network access.

C . Deauthentication: Forces users to reauthenticate, allowing an attacker to capture credentials during the reconnection process.

D . Impersonation: Involves pretending to be someone else to gain access but is less effective for directly capturing user credentials compared to deauthentication.

* Reference: Deauthentication attacks are well-documented in wireless security assessments and penetration testing guides.


Contribute your Thoughts:

Helaine
3 months ago
Impersonation all the way! Nothing beats a good ol' fashioned identity theft. Brings back memories of my hacking glory days.
upvoted 0 times
...
Gretchen
3 months ago
A) Wardriving? Really? That's so old-school. Step it up, people!
upvoted 0 times
...
Lauryn
4 months ago
Hmm, B) Captive portal could be fun. Trick 'em into giving up the goods!
upvoted 0 times
Sabina
3 months ago
C) Deauthentication might also be effective, disrupting their connection and making them reconnect through your portal.
upvoted 0 times
...
Lillian
3 months ago
I think D) Impersonation could work too, pretending to be someone they trust.
upvoted 0 times
...
Dan
3 months ago
Yeah, B) Captive portal is a sneaky way to get those credentials.
upvoted 0 times
...
...
Carey
4 months ago
I dunno, C) Deauthentication might be a bit more subtle. Don't want to raise any red flags, ya know?
upvoted 0 times
Rikki
3 months ago
C: Yeah, better to fly under the radar and get the job done.
upvoted 0 times
...
King
3 months ago
A: Good point, subtlety is key in these situations.
upvoted 0 times
...
Lindsay
3 months ago
B: True, but C) Deauthentication seems less risky, might go unnoticed.
upvoted 0 times
...
Carla
3 months ago
A: I think D) Impersonation could work well too, blend in and gather credentials.
upvoted 0 times
...
...
Ernie
4 months ago
I think Captive portal could also be a good option as it can trick users into entering their credentials.
upvoted 0 times
...
Brett
4 months ago
But Impersonation allows the tester to pretend to be a valid user and gather credentials easily.
upvoted 0 times
...
Detra
4 months ago
D) Impersonation seems like the way to go here. Gotta get those credentials somehow!
upvoted 0 times
Wava
4 months ago
I agree, impersonation is a clever way to achieve the objective of gathering valid user credentials.
upvoted 0 times
...
Gladys
4 months ago
Yeah, impersonation is a sneaky but effective method for gathering user credentials.
upvoted 0 times
...
Kimberlie
4 months ago
Impersonation is definitely the way to go. It's all about getting those credentials.
upvoted 0 times
...
...
Tammy
4 months ago
I disagree, I believe Deauthentication would be more effective.
upvoted 0 times
...
Brett
4 months ago
I think the best attack would be Impersonation.
upvoted 0 times
...

Save Cancel