An assessment reveals a compromised account on a domain-joined machine. The credential can read user profiles in the directory. What is the BEST way to gather relevant details such as group memberships with this account?
Capture data packets on the compromised system to look for account credentials
Conduct a basic directory search for user associations and membership details
Open a remote console session on another workstation to identify security settings
Extract memory data from the domain-joined machine to glean session records
Reviewing data directly within the directory uses the authenticated user’s read capability to reveal group associations. Other options rely on examining network traffic, memory contents, or accessing a different system, which may not uncover the full range of group information tied to each account.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a directory search in the context of domain user accounts?
Open an interactive chat with Bash
How does Active Directory manage user associations and memberships?
Open an interactive chat with Bash
Why is it better to use directory searches rather than memory or network data capture?