nerdexam
EC-Council

312-50V13 · Question #79

Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool "SIDExtractor". Here is the output of the SIDs: From the above list identify the user account with System Administr

The correct answer is F. Chang. In Windows, the built-in Administrator account has a well-known SID suffix, typically ending in -500, which identifies it as the highest privilege system administrator.

Submitted by yousef_jo· Mar 6, 2026System Hacking

Question

Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool "SIDExtractor". Here is the output of the SIDs: From the above list identify the user account with System Administrator privileges.

Exhibit

312-50V13 question #79 exhibit

Options

  • AJohn
  • BRebecca
  • CSheela
  • DShawn
  • ESomia
  • FChang
  • GMicah

How the community answered

(23 responses)
  • B
    4% (1)
  • F
    96% (22)

Why each option

In Windows, the built-in Administrator account has a well-known SID suffix, typically ending in -500, which identifies it as the highest privilege system administrator.

AJohn

Without the actual SID list, these choices are incorrect if they do not correspond to the specific Administrator SID (ending in -500) or a member of the Administrators group (RID -544).

BRebecca

Without the actual SID list, these choices are incorrect if they do not correspond to the specific Administrator SID (ending in -500) or a member of the Administrators group (RID -544).

CSheela

Without the actual SID list, these choices are incorrect if they do not correspond to the specific Administrator SID (ending in -500) or a member of the Administrators group (RID -544).

DShawn

Without the actual SID list, these choices are incorrect if they do not correspond to the specific Administrator SID (ending in -500) or a member of the Administrators group (RID -544).

ESomia

Without the actual SID list, these choices are incorrect if they do not correspond to the specific Administrator SID (ending in -500) or a member of the Administrators group (RID -544).

FChangCorrect

Assuming 'Chang' corresponds to a SID ending with the Relative Identifier (RID) of 500, this identifies the user as the built-in Administrator account on a Windows system, which possesses System Administrator privileges.

GMicah

Without the actual SID list, these choices are incorrect if they do not correspond to the specific Administrator SID (ending in -500) or a member of the Administrators group (RID -544).

Concept tested: Windows Security Identifiers (SIDs) and well-known RIDs

Source: https://learn.microsoft.com/en-us/windows/win32/secauthz/well-known-sids

Topics

#Windows SIDs#system administration#privilege escalation#user accounts

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice