GIAC Certified Incident Handler (GCIH) — Question 149
Which file is critical to remove from a domain controller after a password audit?
Answer options
- A. wordlist.txt
- B. john.pot
- C. shadow
- D. ntds.dit
Correct answer: D
Explanation
The correct answer is D, ntds.dit, because it contains sensitive information about user accounts and their passwords in a domain environment. Removing this file after a password audit helps prevent unauthorized access to these credentials. The other options, while potentially sensitive, do not contain the same critical information as ntds.dit.