EC-Council
312-50V9 · Question #547
312-50V9 Question #547: Real Exam Question with Answer & Explanation
The correct answer is D: That the true administrator is Joe. The sid2user command resolved the SID ending in RID 500 to the name Joe, revealing that Joe is the built-in Administrator account regardless of any display name change.
Question
What did the following commands determine? C: user2sid \earth guest S-1-5-21-343818398-789336058-1343024091-501 C:sid2user 5 21 343818398 789336058 1343024091 500 Name is Joe Domain is EARTH
Options
- AThat the Joe account has a SID of 500
- BThese commands demonstrate that the guest account has NOT been disabled
- CThese commands demonstrate that the guest account has been disabled
- DThat the true administrator is Joe
- EIssued alone, these commands prove nothing
Explanation
The sid2user command resolved the SID ending in RID 500 to the name Joe, revealing that Joe is the built-in Administrator account regardless of any display name change.
Common mistakes.
- A. The SID ending in 501 - returned by user2sid for the guest account - belongs to Guest, not Joe; Joe's SID ends in 500 which is the Administrator RID.
- B. Neither command queries or returns account status such as enabled or disabled; they only perform username-to-SID and SID-to-username translations.
- C. These commands have no mechanism to check whether an account is enabled or disabled, so no conclusion about the guest account's status can be drawn.
- E. Used together, the commands do prove a specific and meaningful fact - that the account holding the built-in Administrator RID 500 is named Joe.
Concept tested. Windows built-in Administrator RID 500 identification via SID tools
Community Discussion
No community discussion yet for this question.