CNSP Exam Dumps : Certified Network Security Practitioner (CNSP)

In Windows, security principals (users, groups) are identified by aSecurity Identifier (SID), formatted as S-1---. TheRID (Relative Identifier)is the final component, unique within a domain or machine. For local accounts:

RID 500:Assigned to the built-inAdministratoraccount on every Windows machine (e.g., S-1-5-21--500).

Created during OS install, with full system privileges.

Disabled by default in newer Windows versions (e.g., 10/11) unless explicitly enabled.

RID 501:Guest account (e.g., S-1-5-21--501), limited access.

Technical Details:

Stored in SAM (C:\Windows\System32\config\SAM).

Enumeration: Tools like wmic useraccount or net user reveal RIDs.

Domain Context: Domain Admins use RID 512, but the question specifies a local machine.

Security Implications:RID 500 is a prime target for brute-forcing or pass-the-hash attacks (e.g., Mimikatz). CNSP likely advises renaming/disabling it (e.g., via GPO).

Why other options are incorrect:

A. 0:Reserved (e.g., Null SID, S-1-0-0), not a user RID.

C. 501:Guest, not Administrator.

D. 100:Invalid; local user RIDs start at 1000 (e.g., custom accounts).

Real-World Context:Post-compromise, attackers query RID 500 (e.g., net user Administrator) for privilege escalation.References:CNSP Official Study Guide (Windows Security); Microsoft SID Documentation.

A DNS zone transfer involves replicating the DNS zone data (e.g., all records for a domain) from a primary to a secondary DNS server, requiring a reliable transport mechanism.

Why A is correct:DNS zone transfers use TCP port 53 because TCP ensures reliable,ordered delivery of data, which is critical for transferring large zone files. CNSP notes that TCP is the standard protocol for zone transfers (e.g., AXFR requests), as specified in RFC 5936.

Why other options are incorrect:

B. 53/UDP:UDP port 53 is used for standard DNS queries and responses due to its speed and lower overhead, but it is not suitable for zone transfers, which require reliability over speed.

C. Both 1 and 2:This is incorrect because zone transfers are exclusively TCP-based, not UDP-based.

D. None of the above:Incorrect, as 53/TCP is the correct port for DNS zone transfers.

References:CNSP "DNS Security Practices" (Section on Zone Transfers) specifies TCP port 53 as the protocol for secure and reliable zone transfer operations.

Online attacks require real-time interaction with a target system (e.g., a login interface), whereas offline attacks occur without direct system interaction, typically after obtaining data like password hashes. A rainbow table attack is an offline method that uses precomputed tables of hash values to reverse-engineer passwords from stolen hash databases, distinguishing it from the other options, which are online.

Why B is correct:Rainbow table attacks are performed offline after an attacker has already acquired a hash (e.g., from a compromised database). The attacker matches the hash against precomputed tables to find the plaintext password, requiring no interaction with the target system during the attack. CNSP classifies this as an offline password recovery technique.

Why other options are incorrect:

A:Brute force attacks involve repeatedly submitting password guesses to a live system (e.g., via SSH or a web login), making it an online attack.

C:Password spraying attacks test a few common passwords across many accounts on a live system, also an online attack aimed at avoiding lockouts.

D:Phishing attacks trick users into submitting credentials through fake interfaces (e.g., emails or websites), requiring real-time interaction and thus classified as online.

References:CNSP "Password Attack Methodologies" (Section on Online vs. Offline Attacks) defines rainbow table attacks as offline and contrasts them with online methods like brute force and phishing.