Question

Cassandra believes that attackers were able to extract a volume shadow copy of a workstation belonging to her organization's Windows domain administrator. What information should she not report as being potentially exposed?

A. All files on the user's desktop
B. Password hashes
C. Domain details
D. Plain-text Windows account passwords

Answer 1

Cassandra should not report plain-text Windows account passwords as being potentially exposed, since Windows stores passwords as hashes, not in plain text. Other information like files on the desktop, password hashes, and domain details could be exposed in a shadow copy but not the actual plain-text passwords.

Step-by-step explanation:

In the scenario where attackers have extracted a volume shadow copy of a workstation used by a Windows domain administrator, Cassandra should not report plain-text Windows account passwords as being potentially exposed. Windows does not store account passwords in plain text; instead, it stores them as hashes.

Therefore, while the volume shadow copy may expose other sensitive details such as all files on the user's desktop, password hashes, and domain details, it would not reveal the actual plain-text passwords associated with any accounts. An important aspect here is that password hashes can potentially be cracked, given enough resources and time, which could eventually lead to exposure of the passwords, but that is a separate process that would require additional actions by the attackers.