Ans 1: True
Explanation: The attacker uses the weak stolen
hashed user credentials and without cracking it, the attacker
reuses to bypass authentication system and create a new
authenticated session on the same network.
Ans 2: True
Explanation: Each time the user logs in, a
separate hive and profile is created. Each user profile are stored
under HKEY_CURRENT_USER. Ntuser.dat file contains user profile
settings
Ans 3: True
Explanation: Forensic analysis of memory allows in
investigating the computer attacks which doesn't leave data behind
on computer's hard drive.
T/F. An attacker who steals an organization’s user’s password hash can use it, without decrypting it,...