In which of the following scenarios would a tester perform a Kerberoasting attack?
A . The tester has compromised a Windows device and dumps the LSA secrets.
B . The tester needs to retrieve the SAM database and crack the password hashes.
C . The tester has compromised a limited-privilege user and needs to target other accounts for lateral movement.
D . The tester has compromised an account and needs to dump hashes and plaintext passwords from the system.
Answer: C