EC-Council

312-49 Question #470: Real Exam Question with Answer & Explanation

The correct answer is B: Service account passwords in plain text.

Submitted by jakub_pl · Apr 18, 2026 · Disk Forensics

Question

What is kept in the following directory? HKLM\SECURITY\Policy\Secrets

Options

  • A. IAS account names and passwords
  • B. Service account passwords in plain text
  • C. Local store PKI Kerberos certificates
  • D. Cached password hashes for the past 20 users

Explanation

The registry key HKLM\SECURITY\Policy\Secrets is the location of LSA (Local Security Authority) Secrets in Windows. This area stores sensitive data including service account passwords in a recoverable (though encrypted) format. Tools like Mimikatz or pwdump can extract these secrets. Service accounts running Windows services must have their credentials stored somewhere the OS can access them automatically, and LSA Secrets is that location — making it a high-value target for attackers and a critical area for forensic investigators.

Topics

#Windows Registry #Credential Storage #System Security #Plaintext Passwords
