1.What is the fundamental property of NTLM that makes Pass the Hash attacks possible?
2.How does NTLM challenge-response authentication work in a domain environment?
3.Why does NTLM remain active in most modern Active Directory environments despite its known weaknesses?
4.What is the security implication of NTLM lacking mutual authentication?
5.What is the difference between an NT hash and a Net-NTLMv2 hash from an attacker's perspective?
6.An interviewer asks you to explain why NTLM is still a security concern. Which response is strongest?