Computer Hacking Forensic Investigator (CHFI) — Question 55

On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?

Answer options

• A. SAM
• B. AMS
• C. Shadow file
• D. Password.conf

Correct answer: A

Explanation

The correct answer is A, SAM, as it is the Security Account Manager that stores user passwords in a hashed format on Windows systems. The other options, AMS, Shadow file, and Password.conf, do not pertain to the storage of passwords in an Active Directory context.