CompTIA Security+ SY0-601 – Question561

An application owner reports suspicious activity on an internal financial application from various internal users
within the past 14 days. A security analyst notices the following:
– Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users.
– Internal users in question were changing their passwords frequently during that time period.
– A jump box that several domain administrator users use to connect to remote devices was recently compromised.
– The authentication method used in the environment is NTLM.
Which of the following types of attacks is most likely being used to gain unauthorized access?


A.
Pass-the-hash
B. Brute-force
C. Directory traversal
D. Replay

Correct Answer: A