OBJ 5.4 To ensure complete removal, tester-created AD domain accounts must be deleted from the domain controller. Using userdel is appropriate for local accounts on Unix systems. Deleting accounts from the local system does not affect the domain, and merely disabling accounts does not remove them, leaving potential security risks. OBJ. 5.4

OBJ 4.2: In a Pass-the-token attack, an attacker uses intercepted authentication IDs/tokens to impersonate a user without needing their password. Simon is using the captured tokens for unauthorized access. Pass-the-hash and Pass-the-ticket attacks use different types of credentials, while a brute force attack attempts to guess the password through repeated attempts. OBJ. 4.2

OBJ 1.4: When you find a vulnerability, it should be documented fully. This includes providing an executive summary for management, the methodology used to find the vulnerability so that others can recreate and verify it, and the recommendation remediation actions that should be taken. You should not exploit three random accounts on the server, which could negatively impact the client's reputation. You should not contact the development team directly since they may ignore your recommendation, and they did not hire you. While it may be a good idea to conduct a full-scale penetration test, that would not necessarily solve this vulnerability. OBJ. 1.4

OBJ 3.3 - Someone exploited a vulnerability in the web application using SQL injection to execute unauthorized queries and assign straight A’s to the student with ID #1235235. The query did not originate from an authorized application or administrator account, it was triggered by unusual input submitted through a publicly accessible web form, and similar queries targeting other student IDs were discovered during the same period. These details indicate a malicious actor leveraged SQL injection to manipulate the database. The application and database are not functioning properly because the log clearly reflects unauthorized behavior. There is no indication that the student whose grades were changed performed the attack, as the input could have come from any external source exploiting the form. The presence of the log capturing the unauthorized query suggests that logging and monitoring are operational. This scenario aligns with SQL injection as the most likely explanation. OBJ. 4.5

OBJ 2.2 - The correct answer is ping. This tool sends ICMP echo requests to a specified host or network to determine if the hosts are active and reachable. Netcat is used for networking tasks, Hydra for brute-force password attacks, and Metasploit for exploiting vulnerabilities, making them unsuitable for simple host discovery. OBJ. 2.2

Use != is correct because the != operator in Bash string comparisons evaluates to true when two strings are not equal, making it the appropriate choice for detecting mismatched domain names and preventing unauthorized scanning outside the defined scope. Use == is incorrect because it checks for equality and would only trigger when the domain names match, which is the opposite of the desired behavior. Use -ne is incorrect because it is a numeric comparison operator and is not used for string-based domain validation. Use || is incorrect because it is a logical OR operator used to combine multiple conditions rather than directly compare two domain strings. OBJ. 2.3

OBJ 4.3 Zack is performing a mask attack, which targets specific patterns in passwords. Password spraying involves testing a small number of passwords across multiple accounts, credential stuffing uses large sets of known credentials, and dictionary attacks attempt to use every word in a predefined list against an account. OBJ. 4.3 

Reverse DNS lookup is correct because the tester is mapping IP addresses to hostnames to discover additional systems. Service discovery is incorrect because it identifies services running on hosts. Host discovery is incorrect because it determines whether systems are live but does not resolve their names. Protocol enumeration is incorrect because it identifies supported protocols rather than hostnames. OBJ. 2.2

SQL injections target the data stored in enterprise databases by exploiting flaws in client-facing applications. These vulnerabilities being exploited are most often found in web applications. The database server or operating system would normally be exploited by a remote code execution, a buffer overflow, or another type of server-side attack. The firewall would not be subject to an SQL injection. OBJ. 4.2

OBJ 1.5: Since ICS, SCADA, and IoT devices often run proprietary, inaccessible, or unpatchable operating systems, the traditional tools used to detect the presence of malicious cyber activity in normal enterprise networks will not function properly. Therefore, user and entity behavior analytics (UEBA) is best suited to detect and classify known-good behavior from these systems to create a baseline. Once a known-good baseline is established, deviations can be detected and analyzed. UEBA may be heavily dependent on advanced computing techniques like artificial intelligence and machine learning and may have a higher false-positive rate. As the name suggests, the analytics software tracks user account behavior across different devices and cloud services. Entity refers to machine accounts, such as client workstations or virtualized server instances, and embedded hardware, such as the Internet of Things (IoT) devices. Traditional technologies include anti-virus tools, host-based IDS and IPS, and endpoint protection platforms. OBJ. 1.5