Which Windows Registry hive contains the user's password file?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the Computer Hacking Forensic Investigator v11 exam. Study with flashcards and multiple choice questions. Each question includes hints and explanations. Get exam-ready efficiently!

Multiple Choice

Which Windows Registry hive contains the user's password file?

Explanation:
The registry area that stores local user credentials is the SAM database, which is part of the machine-wide hive. You access it in the registry as HKEY_LOCAL_MACHINE\SAM (and the actual data is stored in the SAM file under System32\Config). This is separate from the per-user data you find under HKEY_CURRENT_USER, which holds user-specific settings for the active user, and from HKEY_USERS, which contains loaded user profiles but not the password hashes themselves. So the password-related data resides in the machine hive, HKEY_LOCAL_MACHINE.

The registry area that stores local user credentials is the SAM database, which is part of the machine-wide hive. You access it in the registry as HKEY_LOCAL_MACHINE\SAM (and the actual data is stored in the SAM file under System32\Config). This is separate from the per-user data you find under HKEY_CURRENT_USER, which holds user-specific settings for the active user, and from HKEY_USERS, which contains loaded user profiles but not the password hashes themselves. So the password-related data resides in the machine hive, HKEY_LOCAL_MACHINE.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy