
GCIH Question #735: Real Exam Question with Answer & Explanation

The correct answer is A: Microsoft 365 cloud environment. Invoke-MSOLSpray is a PowerShell password-spraying tool that targets Microsoft Online (Azure AD) authentication endpoints used by Microsoft 365 services.

Question

Which system is an attacker targeting by running the following command?

    PS > Invoke-MSOLSpray -UserList ./users.txt -Password Clippers22

Options

  • A. Microsoft 365 cloud environment
  • B. Windows systems on the local subnet
  • C. The organization's MSQL server
  • D. The local domain controller

Explanation

Invoke-MSOLSpray is a PowerShell password-spraying tool that targets Microsoft Online (Azure AD) authentication endpoints used by Microsoft 365 services.

Common mistakes.

  • B. MSOLSpray communicates exclusively with Microsoft's cloud-based authentication APIs over the internet and has no mechanism to target or enumerate Windows hosts on a local network subnet.
  • C. MSOLSpray contains no functionality for database attacks; it is purpose-built for Microsoft Online credential spraying and cannot interact with SQL server authentication protocols.
  • D. The tool bypasses on-premises Active Directory and local domain controllers entirely by authenticating directly against Azure AD cloud endpoints, making the local domain controller irrelevant to the attack.

Concept tested. MSOLSpray password spraying against Microsoft 365 Azure AD

Reference. https://github.com/dafthack/MSOLSpray
