The scenario shows MD5 hashed password values. The most likely reason the security administrator is focusing on these values is to protect against pass-the-hash attacks. In this type of attack, an attacker can use a captured hash to authenticate without needing to know the actual plaintext password. By managing and monitoring these hashes, the administrator can implement strategies to mitigate this type of threat.

Many IoT devices connect to the network via wireless access points. Reviewing these logs would reveal when the IoT device first connected, as well as any suspicious or anomalous traffic patterns associated with the exploit's initiation.
Reference:
CompTIA Security+ SY0-701 Official Study Guide, Domain 4.1: "Wireless access point logs can help determine initial connectivity and exploitation of IoT devices." Exam Objectives 4.1: "Summarize the importance of logging and monitoring activities."

Memory injectionoccurs whenmalicious code is written into the memory space of a running process, allowing it to execute without writing anything to disk. This is often used infileless malware attacks, making detection harder.
* A (privilege escalation)describes a race condition, not memory injection.
* B (unexpected data causing execution)describes abuffer overflow attack, not memory injection.
* D (overwriting an executable)is apersistence technique, but it is not an example of in-memory injection.