CREST Practitioner Security Analyst (CPSA) Practice

Master the CREST Practitioner Security Analyst Exam. Prepare with quizzes and comprehensive study guides that include tips and explanations. Excel in your certification journey!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which of the following describes the nature of an NTLM hash?

  1. It stores user credentials securely

  2. It uses symmetric encryption for data privacy

  3. It is a single-use hashed value

  4. It generates a unique identifier for network routes

The correct answer is: It stores user credentials securely

The nature of an NTLM hash primarily involves its role in storing user credentials securely. NTLM, or NT LAN Manager, is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users and systems across networks.

The NTLM hash is a one-way encrypted representation of a user's password, and while it is not impervious to attacks—particularly to hash cracking and rainbow table attacks—it does serve the essential function of protecting the user's password during the authentication process by storing it in a non-reversible format. The use of this hash format means that even if an attacker manages to access the hash values, they cannot easily reconstruct the original passwords, which provides a layer of security. Nonetheless, it is important to note that best practices recommend stronger authentication methods, as NTLM is considered more vulnerable than newer protocols such as Kerberos.

The other options do not accurately represent the attributes of NTLM hashes. For instance, NTLM does not use symmetric encryption; instead, it relies on hashing. Additionally, it is not a single-use hashed value, as it can be consistently used until the corresponding password changes. Finally, it does not generate unique identifiers for network routes, which falls outside its functional scope. Thus, the correct choice underscores the