SYSKEY is described as a 128-bit key protecting password hashes on the hard drive. Which description best matches its function?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

SYSKEY is described as a 128-bit key protecting password hashes on the hard drive. Which description best matches its function?

Explanation:
SYSKEY serves to protect credential data at rest by encrypting the SAM database on disk, which is where Windows stores password hashes for local accounts. The 128-bit key used by SYSKEY is applied to that datastore so that offline access to those hashes is blocked unless the key is available to decrypt it. This focus on the SAM (and related credential stores) explains why the best description is that it encrypts the SAM database on disk. It does not encrypt network traffic, email content, or ROM firmware, so those options don’t fit.

