Q: 4
[Attacks and Exploits]
During a security assessment, a penetration tester wants to compromise user accounts without
triggering IDS/IPS detection rules. Which of the following is the most effective way for the tester to
accomplish this task?
Options
Discussion
Option A
Seen similar in practice tests, pretty sure it's C for bypassing authentication without brute network attempts. The CompTIA book covers this strategy.
A . Cracking hashes offline won't set off IDS or IPS, unlike brute force (B) or SQLi (C) which are noisy. Some might pick C thinking about direct bypass but it's not stealthy. Pretty sure A is safest here, unless I missed something.
Had something like this in a mock, A is correct. Cracking hashes offline avoids network-based detection completely. No alerts raised when you're not hitting the IDS/IPS sensors. Seen this concept tested more than once.
Probably A here, since cracking hashes offline keeps everything away from IDS/IPS monitoring. Brute force or SQL injection could light up alerts. Pretty sure that's the intended answer but let me know if you see it differently.
Hash cracking offline is the quietest route so it's A.
Its A. Cracking hashes offline avoids triggering IDS/IPS, unlike option B which generates noisy network attempts.
Every CompTIA exam has one of these trick questions. A for real, offline hash cracking flies under IDS/IPS every time.
Wouldn't C work too if the SQL injection is silent and doesn't trip detection? Some WAFs or IDS might miss a blind SQLi if the payload's crafted right. Or does that still risk alerts compared to offline cracking?
Honestly, I don't think C is right here. Cracking offline (A) avoids IDS/IPS completely, while SQLi would definitely get flagged.
Be respectful. No spam.
