OBJ 4.9: Rooting (aka Jailbreaking on Apple devices) refers to the process of gaining root or administrative access on mobile devices. This allows users to bypass security mechanisms put in place by the operating system. Information Disclosure involves unintentionally revealing sensitive information. API Abuse refers to exploiting an API to perform unauthorized actions. Session Hijacking involves stealing and using a valid session token to gain unauthorized access. OBJ. 4.9

OBJ 5.2 To move laterally and discover network traffic, Ralph should use a network scanner to perform a network discovery scan. This tool helps identify active devices and services across the network, facilitating the identification of potential points for lateral movement. Implementing a new security policy, running a system performance analysis tool, or executing a firewall update do not directly assist in discovering network traffic. OBJ. 5.2

Due to the considerable increase in network utilization on dbsvr01, it will likely be suspected of compromise by the defenders and be investigated further for evidence of your team’s activities. The server has a historical average utilization of only 5.42 GB per week, but this week there has been an increase to 27.3 GB of usage. This increase is nearly 6x more than the previous week when all the other servers stayed relatively constant. This indicates a possible compromise of the database server (dbserve02) and should be investigated as a potential data breach or data exfiltration by the organization’s cyber defense team. OBJ. 5.1

OBJ 1.5: A badge reader and biometric lock can be used on a server room door to provide multifactor authentication. Biometrics are identifying features stored as digital data that can be used to authenticate a user. Typical features used include facial pattern, iris, retina, or fingerprint pattern, and signature recognition. This requires a relevant scanning device, such as a fingerprint reader, and a database of biometric information for authentication to occur. A badge reader can be used to read a security badge using RFID, a smart card, or a barcode to authenticate a user. Cable locks are used for laptops, not servers or server rooms. A bollard is used in the parking lot or the front of a building. Strong passwords are used for the servers, not the server room itself. Privacy windows shades could be used, but they are not as strong of a defense as a badge reader and biometric keypad on the door to the server room. OBJ. 1.5

dir /r is correct because it lists files along with any associated alternate data streams in NTFS, allowing the tester to identify hidden content attached to a file. ls -al is incorrect because it is a Linux command used to list file details and does not display NTFS alternate data streams. findstr /ADS is incorrect because it is not a valid command for enumerating alternate data streams in Windows. grep -A is incorrect because it is a Unix-based text searching utility and has no capability to enumerate NTFS alternate data streams. OBJ. 5.3

Directory traversal is correct because the encoded sequence %2e%2e/ represents ../, which is used to traverse up the directory hierarchy and access sensitive files outside the web root, such as /etc/shadow. This demonstrates an attempt to bypass input validation through encoding while exploiting improper path handling. Buffer overflow is incorrect because it involves exceeding memory boundaries, not manipulating file paths. XML injection is incorrect because it targets XML parsing and structure, which is not relevant in this request. SQL injection is incorrect because it involves injecting malicious SQL statements into database queries, not accessing filesystem resources. OBJ. 4.5

SET (Social Engineering Toolkit) is an open-source penetration testing framework included with Kali Linux that supports the use of social engineering to penetrate a network or system. Kismet is an 802.11 Layer 2 wireless network detector, sniffer, and intrusion detection system included with Kali Linux. ProxyChains is a command-line tool that enables pen testers to mask their identity and/or source IP address by sending messages through intermediary or proxy servers. Censys is a search engine that returns information about the types of devices connected to the Internet. OBJ. 4.8

When running an exploit, sometimes you don't receive a fully interactive shell in return. If you receive a "dumb shell", you can use Python to spawn a pty. A pty is a pseudo-terminal utility that is built into Python and only works on Linux systems. From here, you can attempt a privilege escalation using su and other commands on the system. OBJ. 5.1

Third-party scan data analysis is correct because you are leveraging previously collected scan data from external sources rather than interacting directly with the target. Active scanning is incorrect because it involves direct probing of the target. Network sniffing is incorrect because it requires access to live traffic. Protocol fuzzing is incorrect because it involves sending malformed inputs to test systems. OBJ. 2.1

Review scan configuration is correct because inconsistent results often indicate issues with scan settings, timing, or environmental conditions. Accept the first result is incorrect because it may not be accurate. Ignore all results is incorrect because findings still require validation. Exploit immediately is incorrect because results must be confirmed first. OBJ. 3.2