CompTIA Security+ 2021 SY0-601: Unauthorized Access to Internal Financial Application

Learn how a pass-the-hash attack can lead to unauthorized access to internal financial applications. Discover the signs of this attack and understand the role of NTLM authentication in its execution.

Question

An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following:

  • Unauthorized users were performing financial transactions at irregular times and outside of business hours.
  • Internal users in question were changing their passwords frequently during that time period.
  • A jump box that several domain administrator users use to connect to remote devices was recently compromised.
  • The authentication method used in the environment is NTLM.

Which of the following types of attacks is most likely being used to gain unauthorized access?

A. Pass-the-hash
B. Brute-force
C. Directory traversal
D. Replay

Answer

A. Pass-the-hash

Explanation

A pass-the-hash attack is most likely being used to gain unauthorized access to the internal financial application. In a pass-the-hash attack, an attacker compromises a system and obtains the hashed user credentials stored in memory. These hashes can then be used to authenticate to other systems without knowing the actual passwords.

The suspicious activity, such as financial transactions occurring outside of business hours by unauthorized users, indicates that the attackers have gained access to user accounts. The compromised jump box, which domain administrator users connect to, serves as a pivot point for the attackers to spread laterally within the network.

NTLM, the authentication method used in the environment, is vulnerable to pass-the-hash attacks. NTLM uses a weak hashing algorithm, making it easier for attackers to obtain and reuse the hashes. The frequent password changes by the internal users in question suggest that the attackers are using the stolen hashes to access multiple accounts.

The other attack types listed, brute-force, directory traversal, and replay, do not fit the scenario. Brute-force attacks guess passwords, directory traversal attacks exploit file system path handling, and replay attacks capture and reuse network traffic. None of these explains unauthorized access to the financial application using stolen hashes.