CREST Practitioner Security Analyst (CPSA) Practice 2025 - Free CPSA Practice Questions and Study Guide

Question: 1 / 485

What protocol is associated with SMTP User Enumeration?

HELO

EXPN

The protocol associated with SMTP User Enumeration is EXPN. EXPN is specifically designed to expand mailing lists and can be exploited to reveal valid email addresses on a mail server. When an attacker uses the EXPN command, they can request the email addresses associated with a mailing list. If the email server responds with specific user details, it confirms the existence of those accounts, thereby facilitating user enumeration.

This ability to verify user accounts makes EXPN a tool for attackers looking to gather information about users on a target system. Other SMTP commands, while essential for email transmission, do not have the same user enumeration capabilities. For instance, HELO is used to initiate a conversation with the mail server but does not expose user information, while MAIL FROM and RCPT TO are related to the sending process and do not enumerate users on the server. Hence, EXPN is the critical command for this aspect of vulnerability in the SMTP protocol.

Get further explanation with Examzify DeepDiveBeta

MAIL FROM

RCPT TO

Next Question

Report this question

Download CREST Practitioner Security Analyst (CPSA) Practice PDF Study Guide
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy