CREST Practitioner Security Analyst (CPSA) Practice

Master the CREST Practitioner Security Analyst Exam. Prepare with quizzes and comprehensive study guides that include tips and explanations. Excel in your certification journey!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What protocol is associated with SMTP User Enumeration?

  1. HELO

  2. EXPN

  3. MAIL FROM

  4. RCPT TO

The correct answer is: EXPN

The protocol associated with SMTP User Enumeration is EXPN. EXPN is specifically designed to expand mailing lists and can be exploited to reveal valid email addresses on a mail server. When an attacker uses the EXPN command, they can request the email addresses associated with a mailing list. If the email server responds with specific user details, it confirms the existence of those accounts, thereby facilitating user enumeration. This ability to verify user accounts makes EXPN a tool for attackers looking to gather information about users on a target system.

Other SMTP commands, while essential for email transmission, do not have the same user enumeration capabilities. For instance, HELO is used to initiate a conversation with the mail server but does not expose user information, while MAIL FROM and RCPT TO are related to the sending process and do not enumerate users on the server. Hence, EXPN is the critical command for this aspect of vulnerability in the SMTP protocol.