Certified Ethical Hacker (CEH v10) — Question 123

Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp's lobby. He checks his current SID, which is S-1-5-21-
1223352397-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?

Answer options

• A. He needs to gain physical access.
• B. He must perform privilege escalation.
• C. He already has admin privileges, as shown by the "501" at the end of the SID.
• D. He needs to disable antivirus protection.

Correct answer: B

Explanation

The correct answer is B, as privilege escalation is necessary for Matthew to gain full administrator access since the SID indicates he is not currently an admin. Option A is incorrect because physical access is not required to escalate privileges remotely. Option C is misleading; while '501' indicates a specific user type, it does not denote admin rights. Option D is irrelevant to achieving the necessary access.