Spear phishing is correct because the attack is highly targeted toward a specific group within the organization and uses contextual details to increase credibility and likelihood of success. Phishing is incorrect because it typically involves broad, indiscriminate email campaigns sent to large groups without personalization. Spoofing is incorrect because while spoofing may be used as a technique within the attack to falsify the sender’s address, it does not describe the overall targeted social engineering strategy. Zero-day is incorrect because it refers to exploiting an unknown or unpatched vulnerability, not conducting a targeted email-based credential harvesting campaign. OBJ. 4.8

Dependency vulnerability detection is correct because the scan identifies vulnerabilities in software libraries used by the application. Network service discovery is incorrect because no ports are scanned. Credential enumeration is incorrect because no authentication data is involved. Wireless signal analysis is incorrect because it is unrelated. OBJ. 3.1

Site survey is correct because it involves physically assessing the environment, allowing a penetration tester to directly observe camera placement, blind spots, access control weaknesses, and environmental factors that could be exploited during a physical intrusion. Access log review is incorrect because it focuses on historical access data, not real-time identification of physical vulnerabilities. Social engineering pretexting is incorrect because it targets human behavior, not structural or environmental weaknesses. Motion sensor validation testing is incorrect because it evaluates specific detection systems, but does not provide a comprehensive assessment of the entire facility’s physical security posture. OBJ. 3.3

OBJ 1.3: The Open Web Application Security Project (OWASP) is an organization aimed at increasing awareness of web security and provides a framework for testing during each phase of the software development process. The OWASP Testing Guide (OTG) provides different steps for the testing process and outlines the importance of assessing the entire organization, including the people, processes, and technology, during a penetration test. The Penetration Testing Execution Standard (PTES) was developed by business professionals as a best practice guide for conducting penetration testing. The PTES contains seven main sections that are used to provide a comprehensive overview of the proper structure of a complete penetration test. The Open Source Security Testing Methodology Manual (OSSTMM) was developed by the Institute for Security and Open Methodologies (ISECOM) and it outlines every area of an organization that needs testing and how to conduct the relevant tests. The Information Systems Security Assessment Framework (ISSAF) is an open-source resource available to cybersecurity professionals. The ISSAF is comprised of documents that relate to penetration testing, such as guidelines on business continuity and disaster recovery along with legal and regulatory compliance. OBJ. 1.3

OBJ 3.2 - A false negative occurs when the scanner fails to detect a vulnerability that is actually present and exploitable in the system. This is a critical issue in penetration testing because it means that real security risks are not being identified, leaving the system exposed to potential attacks. OBJ. 3.2 

OBJ 4.6: A container escape involves a scenario where a malicious application within a container attempts to break out and interact with the host system, as seen in Rob’s monitoring. Supply chain attacks occur when attackers compromise the development process. Workload runtime attacks exploit vulnerabilities within running applications but do not necessarily involve accessing the host directly. Phishing attacks target individuals to gain sensitive information, unrelated to this behavior. OBJ. 4.6

OBJ 1.5: Certificate stapling allows a web server to perform certificate status checks on behalf of the client. The server obtains a digitally signed response from the OCSP responder and presents it to the client during the TLS handshake. This eliminates the need for the client to query the certificate authority (CA), improving performance.

The Online Certificate Status Protocol (OCSP) enables clients to check the revocation status of a digital certificate by querying the CA directly. A Certificate Revocation List (CRL) is a list of certificates that have been revoked before their expiration date. Certificate pinning is a deprecated technique that bypasses the traditional CA trust model to reduce the risk of on-path (man-in-the-middle) attacks.. OBJ. 1.5

InSSIDer is correct because it passively identifies wireless networks, signal strength, and channel usage without actively interacting with them. Aircrack-ng is incorrect because it is primarily used for attacking and cracking wireless security. Wireshark is incorrect because it captures packet-level data rather than providing structured wireless network discovery. tcpdump is incorrect because it captures traffic but does not provide detailed wireless enumeration insights like channel mapping. OBJ. 2.4

OBJ 2.4 - InSSIDer's channel scanning feature is essential for analyzing channel usage and signal strength. This allows you to locate the rogue access point by identifying which channel it is using and how strong the signal is relative to other nearby access points. Signal-to-noise ratio measurement helps in assessing signal quality, but channel scanning directly aids in pinpointing location. OBJ. 2.4

OBJ 5.4: Removing persistence mechanisms is essential to the cleanup process to ensure that the target system is not left vulnerable to future exploitation. Disabling or modifying the persistence mechanism is not sufficient, as it could still be reactivated or discovered by an attacker. Proper cleanup requires full removal to maintain the security of the system. OBJ. 5.4