Which service allows creating a copy of the Active Directory database (ntds.dit) for offline analysis?


Multiple Choice

Which service allows creating a copy of the Active Directory database (ntds.dit) for offline analysis?

Explanation:
Volume Shadow Copy Service is the mechanism that creates a consistent snapshot of a volume, allowing you to copy the Active Directory database (ntds.dit) for offline analysis without bringing the domain controller down. ntds.dit resides on the volume that VSS can snapshot, so you can mount the shadow copy and examine the AD data with forensic or analysis tools. The other options don’t provide this capability: SNMP is for monitoring network devices, Kernel Dump is a memory dump from a crash, and DNS is the name-resolution service.

