GIAC Certified Incident Handler (GCIH) — Question 27
Which Windows process would an attacker target to steal credentials from a user who logs into applications with a Password Manager?
Answer options
- A. Clipboard
- B. REGSVC
- C. Explorer
- D. LSASS
Correct answer: D
Explanation
The correct answer is LSASS, as it handles authentication and stores user credentials in memory, making it a prime target for credential theft. The other options like Clipboard, REGSVC, and Explorer do not manage user credentials in the same way, making them less relevant for this type of attack.