Which Windows Registry hive contains the user's password file?

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

Which Windows Registry hive contains the user's password file?

Explanation:
The registry area that stores local user credentials is the SAM database, which is part of the machine-wide hive. You access it in the registry as HKEY_LOCAL_MACHINE\SAM (and the actual data is stored in the SAM file under System32\Config). This is separate from the per-user data you find under HKEY_CURRENT_USER, which holds user-specific settings for the active user, and from HKEY_USERS, which contains loaded user profiles but not the password hashes themselves. So the password-related data resides in the machine hive, HKEY_LOCAL_MACHINE.

