Download Latest CNSP Questions

Certified Network Security Practitioner (CNSP) Questions and Answers

Question 5

Which Kerberos ticket is required to generate a Silver Ticket?

Options:

Session Ticket

Ticket-Granting Ticket

Service Account Ticket

There is no specific ticket required for generating a Silver Ticket

Answer:

Explanation:

ASilver Ticketis a forged KerberosService Ticket (TGS - Ticket Granting Service)in ActiveDirectory, granting access to a specific service (e.g., MSSQL, CIFS) without KDC interaction. Unlike a Golden Ticket (TGT forgery), it requires:

Service Account’s NTLM Hash:The target service’s account (e.g., MSSQLSvc) hash, not a ticket.

Forgery: Tools like Mimikatz craft the TGS (e.g., kerberos::golden /service: /user: /ntlm:).

Kerberos Flow (RFC 4120):

TGT (Ticket-Granting Ticket): Obtained via AS (Authentication Service) with user creds.

TGS: Requested from TGS (Ticket Granting Service) using TGT for service access.

Silver Ticket Process:

No TGT needed; the attacker mimics the TGS step using the service account’s stolen hash (e.g., from a compromised host).

C. Service Account Ticket:Misnomer—it’s the hash of the service account (e.g., MSSQLSvc) that enables forgery, not a pre-existing ticket. CNSP’s phrasing likely tests this nuance.

Security Implications:Silver Tickets are stealthier than Golden Tickets (service-specific, shorter-lived). CNSP likely stresses hash protection (e.g., LAPS) and Kerberos monitoring.

Why other options are incorrect:

A. Session Ticket:Not a Kerberos term; confuses session keys.

B. TGT:Used for Golden Tickets, not Silver.

D:Incorrect; the service account’s hash (implied by “ticket”) is essential.

Real-World Context:Silver Tickets exploited in APT29 attacks (2020 SolarWinds) for lateral movement.References:CNSP Official Documentation (Kerberos Attacks); RFC 4120 (Kerberos).

Question 6

What RID is given to an Administrator account on a Microsoft Windows machine?

Options:

500

501

100

Answer:

Explanation:

In Windows, security principals (users, groups) are identified by aSecurity Identifier (SID), formatted as S-1-<authority>--. TheRID (Relative Identifier)is the final component, unique within a domain or machine. For local accounts:

RID 500:Assigned to the built-inAdministratoraccount on every Windows machine (e.g., S-1-5-21--500).

Created during OS install, with full system privileges.

Disabled by default in newer Windows versions (e.g., 10/11) unless explicitly enabled.

RID 501:Guest account (e.g., S-1-5-21--501), limited access.

Technical Details:

Stored in SAM (C:\Windows\System32\config\SAM).

Enumeration: Tools like wmic useraccount or net user reveal RIDs.

Domain Context: Domain Admins use RID 512, but the question specifies a local machine.

Security Implications:RID 500 is a prime target for brute-forcing or pass-the-hash attacks (e.g., Mimikatz). CNSP likely advises renaming/disabling it (e.g., via GPO).

Why other options are incorrect:

A. 0:Reserved (e.g., Null SID, S-1-0-0), not a user RID.

C. 501:Guest, not Administrator.

D. 100:Invalid; local user RIDs start at 1000 (e.g., custom accounts).

Real-World Context:Post-compromise, attackers query RID 500 (e.g., net user Administrator) for privilege escalation.References:CNSP Official Study Guide (Windows Security); Microsoft SID Documentation.

Question 7

On a Microsoft Windows operating system, what does the following command do?

net localgroup Sales Sales_domain /add

Options:

Display the list of the users of a local group Sales

Add a domain group to the local group Sales

Add a new user to the local group Sales

Add a local group Sales to the domain group

Answer:

Explanation:

The net localgroup command manages local group memberships on Windows systems, with syntax dictating its action.

Why B is correct:net localgroup Sales Sales_domain /add adds the domain group Sales_domain to the local group Sales, granting its members local group privileges. CNSP covers this for privilege escalation testing.

Why other options are incorrect:

A:Displaying users requires net localgroup Sales without /add.

C:Adding a user requires a username, not a group name like Sales_domain.

D:The reverse (local to domain) uses net group, not net localgroup.

References:CNSP "Windows Group Management" (Section on net Commands) explains net localgroup for adding domain groups.

Question 8

Which one of the following services is not a UDP-based protocol?

Options:

SNMP

NTP

IKE

SSH

Answer:

Explanation:

Protocols are defined by their transport layer usage (TCP or UDP), impacting their security and performance characteristics.

Why D is correct:SSH (Secure Shell) uses TCP (port 22) for reliable, connection-oriented communication, unlike the UDP-based options. CNSP contrasts TCP and UDP protocol security.

Why other options are incorrect:

A:SNMP uses UDP (ports 161, 162) for lightweight network management.

B:NTP uses UDP (port 123) for time synchronization.

C:IKE (IPsec key exchange) uses UDP (ports 500, 4500).

References:CNSP "Network Protocols" (Section on Transport Layer) identifies SSH as TCP-based, others as UDP.

Download Latest CNSP Questions
All CNSP Test Inside The SecOps Group Questions
CNSP Leak Questions
Sure Pass Exam CNSP PDF
Get More The SecOps Group Exams Free Access

Weekend Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Certified Network Security Practitioner (CNSP) Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce