EC-Council

312-50V12 Question #158: Real Exam Question with Answer & Explanation

The correct answer is C: Unauthorized users may perform privilege escalation using unnecessarily created accounts. The misconfiguration of unknown users having administrative permissions, potentially through unnecessarily created accounts, presents the most potent risk of unauthorized privilege escalation and subsequent system compromise.

Submitted by kwame.gh · Mar 4, 2026 · System Hacking Phases and Attack Techniques

Question

XYZ company recently discovered a potential vulnerability on their network, originating from misconfigurations. It was found that some of their host servers had enabled debugging functions and unknown users were granted administrative permissions. As a Certified Ethical Hacker, what would be the most potent risk associated with this misconfiguration?

Options

  • A. An attacker may be able to inject a malicious DLL into the current running process
  • B. Weak encryption might be allowing man-in-the-middle attacks, leading to data tampering
  • C. Unauthorized users may perform privilege escalation using unnecessarily created accounts
  • D. An attacker may carry out a Denial-of-Service assault draining the resources of the server in the

Explanation

The misconfiguration of unknown users having administrative permissions, potentially through unnecessarily created accounts, presents the most potent risk of unauthorized privilege escalation and subsequent system compromise.

Common mistakes.

  • A. While an attacker with administrative access might be able to inject a malicious DLL, this is a specific attack vector rather than the primary risk associated with the initial granting of administrative permissions to unknown users.
  • B. Weak encryption pertains to network communication security and is unrelated to the host-based misconfigurations of enabled debugging functions or inappropriate administrative user permissions.
  • D. While an attacker with administrative access could initiate a Denial-of-Service attack, the most potent and comprehensive risk of having unauthorized administrative control is typically full system compromise, data exfiltration, or persistence, rather than just resource exhaustion.

Concept tested. Privilege escalation through misconfigured accounts

Reference. https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/implementing-least-privilege-administrative-models

Topics

#Misconfiguration vulnerability · #privilege escalation · #unauthorized access · #server security
