A Windows server shows signs of unauthorized logins. You install a recognized credential-auditing tool during your investigation. Which action helps uncover data for verifying suspicious activity?
Set a local service to log user inputs at each login prompt
Load registry hives to uncover hidden plaintext data in local accounts
Use specialized modules to gather ephemeral credentials from running authentication processes
Collect system logs to locate user login details stored in event entries
The most effective action uses specialized functionality to retrieve ephemeral authentication details. Viewing system logs and searching registry files can reveal some artifacts, but plaintext credentials typically reside in processes tied to active sessions. Adjusting services can change access levels but does not directly extract stored secrets.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are ephemeral credentials in authentication processes?
Open an interactive chat with Bash
How do specialized modules retrieve ephemeral credentials?
Open an interactive chat with Bash
Why are system logs less effective for identifying unauthorized logins?