GIAC Certified Incident Handler (GCIH) — Question 54

What is the Linux administrator doing with the commands below?
$ rpcclient -U fezzik florin
rpcclient

Answer options

• A. Resolving SIDs to usernames on the target server
• B. Displaying the rights associated with a SID on the target server
• C. Listing the privileges associated with a SID defined locally on the target server
• D. Enumerating the SIDs of all users defined locally on the target server

Correct answer: C

Explanation

The correct answer is C because the command 'lsaenumsid' is specifically used to list the privileges associated with a SID that is defined locally on the server. Option A is incorrect as it suggests resolving SIDs to usernames, which is not the purpose of the command used. Options B and D also misinterpret the command's function, as they relate to rights and all user SIDs rather than just privileges for a single SID.