CompTIA PenTest+ (PT0-001) — Question 47

Joe, a penetration tester, has received basic account credentials and logged into a Windows system. To escalate his privilege, from which of the following places is he using Mimikatz to pull credentials?

Answer options

• A. LSASS
• B. SAM database
• C. Active Directory
• D. Registry

Correct answer: A

Explanation

The correct answer is A, LSASS, which is the Local Security Authority Subsystem Service responsible for enforcing security policies and managing user logins. Mimikatz specifically targets LSASS to extract in-memory credentials. The SAM database and Active Directory are also related to credential storage but are not the primary targets for Mimikatz, while the Registry does not store user credentials directly.